Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
các thiết lập cho việc cấu hình một máy chủ proxy phía trước có thể được tự động áp dụng cho các máy trạm khách hàng thông qua việc sử dụng các Group Policy Object (GPO). GPO cho phép thực thi số lượng lớn các thiết lập trên hệ thống trong phạm vi một, | Enabling ISA Server 2006 VPN Quarantine 273 Finally exempt users or groups can be specified based on ISA User Sets which can parse AD RADIUS or SecurID group membership. This allows for exemptions to Quarantine to be established for choice groups of VPN clients. To add clients make changes to the Quarantine tab as necessary then click OK and Apply. Customizing a CMAK Package for VPN Quarantine The clients in a VPN Quarantine configuration must be addressed to properly implement this type of solution. A special script or set of scripts that makes use of the RSC.exe clientside component of the Remote Access Quarantine Service must be run on the clients as they connect to allow them to pass quarantine checks. This type of scripting can be complex but sample scripts can be downloaded from Microsoft at the following URL http www.microsoft.com downloads details.aspx FamilyID a290f2ee-0b55-491e-bc4c-8161671b2462 displaylang en NOTE Because of the complexity of the URL it may be easier to simply search the Internet for VPN Quarantine Sample Scripts.EXE which should lead directly to the link. The most straightforward way to deploy a custom VPN Quarantine script to clients is by embedding the script in a CMAK profile. The steps for creating this profile are described in the previous section of this chapter that focuses on CMAK specifically. Follow the procedure outlined in that section but add two more procedures. In the first procedure a custom action must be defined that kicks off the Quarantine script that was written as follows 1. At the Custom Actions Dialog box of the CMAK Profile wizard which was previously shown in Figure 9.31 click New. 2. Enter a Description such as Quarantine Check. 3. Click the Browse button to locate the Batch file that was created and click the Open button when it has been found. 4. Under Parameters enter the following DialRasEntry TunnelRasEntry 7250 Domain UserName Versionl 5. Under Action type select Post-Connect from the drop-down list. 6.
