3 Replies Latest reply on Feb 14, 2011 6:24 PM by michaelkuhn

    McAfee Logon Collector and Terminal Services

      I am trying to control the internet access for users in our network the majority of which use Thin Clients and access Termainal Servers from what I can see though the Logon Collector only ever records the last logged on user for a server.


      The issue I have is if you have a Terminal Server with 30 users some of which we restrict Internet access or disallow completely I can't find a way to setup so the access is trasparent to the user.


      Does any one have this scenario working and have any advise on options.


      Thanks in Advance



        • 1. Re: McAfee Logon Collector and Terminal Services



          I'm not sure if this is going to be possible transparently.


          All I can say for certain is that I've checked the written notes I made from the product launch and I have written "McAfee Logon Collector currently not supported for Citrix/TS envrionemts".



          • 2. Re: McAfee Logon Collector and Terminal Services



            I was able to block internet access by creating a policy in my citrix server container and then using the security settings to assoicate with the user group I wanted to block from the internet.


            The setting I used was User Configuration > Administrative Templates > System and the value "Don't run specified windows application" and added iexplore.exe.


            There are other ways of blocking access. I saw notes where people were overriding the proxy settings to something that didn't go anywhere.



            • 3. Re: McAfee Logon Collector and Terminal Services

              I ended up finding a solution to my problem, restricting the browser was not an option as they still needed access to internal sites.


              I ended up not using the login collecter but using the firewall with Windows Authentication and made the access transparent to the user.  I then ended up using the smartfilter management client enabled active directory and implemented a default block policy for all users and a policy for users based on groups.  The key was not to use a passport on the firewall.


              Not the simplest but solved my issue, I plan to document the setup over the coming days and post here for others in the same situation