3 Replies Latest reply on Feb 14, 2011 6:24 PM by michaelkuhn

    McAfee Logon Collector and Terminal Services

      I am trying to control the internet access for users in our network the majority of which use Thin Clients and access Termainal Servers from what I can see though the Logon Collector only ever records the last logged on user for a server.

       

      The issue I have is if you have a Terminal Server with 30 users some of which we restrict Internet access or disallow completely I can't find a way to setup so the access is trasparent to the user.

       

      Does any one have this scenario working and have any advise on options.

       

      Thanks in Advance

       

      Michael

        • 1. Re: McAfee Logon Collector and Terminal Services
          PhilM

          Michael,

           

          I'm not sure if this is going to be possible transparently.

           

          All I can say for certain is that I've checked the written notes I made from the product launch and I have written "McAfee Logon Collector currently not supported for Citrix/TS envrionemts".

           

          Phil.

          • 2. Re: McAfee Logon Collector and Terminal Services
            pe3

            Michael,

             

            I was able to block internet access by creating a policy in my citrix server container and then using the security settings to assoicate with the user group I wanted to block from the internet.

             

            The setting I used was User Configuration > Administrative Templates > System and the value "Don't run specified windows application" and added iexplore.exe.

             

            There are other ways of blocking access. I saw notes where people were overriding the proxy settings to something that didn't go anywhere.

             

            Phil

            • 3. Re: McAfee Logon Collector and Terminal Services

              I ended up finding a solution to my problem, restricting the browser was not an option as they still needed access to internal sites.

               

              I ended up not using the login collecter but using the firewall with Windows Authentication and made the access transparent to the user.  I then ended up using the smartfilter management client enabled active directory and implemented a default block policy for all users and a policy for users based on groups.  The key was not to use a passport on the firewall.

               

              Not the simplest but solved my issue, I plan to document the setup over the coming days and post here for others in the same situation