[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] How do I lock down SecuRemote on a client PC????
Jay, What are you specifically looking to lock them out of? They might futz around in the config and disallow themselves access because the broke it, but after you let them sit for a while without the ability to connect, they most likely won't do that again(of course you need to fix it :) You really control most of what they access from your end(not including non-work sites.) >From my point of view, I see this as one of those where you take some steps to do the work, but unsterstand you will have those who will defeat you. I wouldn't spend your every waking moment trying to out-do your users, but instead make sure they understand that you've given them the tool(s) so they may do their work and they should leave certain aspects of the system alone ( e.g. polcies). The harder you work to lock down their system, the more work you will create for yourself in the long run and most likely for the mobile user. With that said, you could use NT on the remote systems and don't allow them any administrative privledges. You could attempt to lock down the system to a point at which it is functional, but difficult for your user and you. You really can't lock down SR as you could SC. The config file will need to be writable(to do updates et'al) and so does the directory that SR lives in, and that allows them to update it manually as well. Maybe this will spark others to pipe up and give some ways to help you out. Robert - - Robert P. MacDonald Global Infrastructure Group, Haworth, Inc. Voice:email: [email protected] >>> "Jay Clukey" <[email protected]> 02/21/01 03:53PM >>> > >To all: > >I am using FW-1 4.1SP2 with SecuRemote Bld4174. My question is this: >Is there a way that I can "lock" down the SecuRemote client piece so that a >user cannot change any of the options on the client? Is there any > documentation that would or could explain the steps necessary to do this? >We are not using the Secure Client piece to enforce policies on the desktop >currently. > >Any help would be greatly appreciated. TIA. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|