Cris
Thu Jul 10 10:14:06 PDT 2008
This is a multi-part message in MIME format.
------=_NextPart_000_00D5_01C8E286.736541D0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: quoted-printable
Windows Server 2008 introduces the concept of Network Access Protection. =
Not a new concept, just new to Windows. " Network Access Protection =
(NAP) is a new client health policy creation, enforcement, and =
remediation technology that is available for Windows XP, Windows Vista, =
and the Windows Server 2008 operating system. With NAP, administrators =
can establish and automatically enforce health policies which can =
include software requirements, security update requirements, required =
computer configurations, and other settings. For more information visit =
the NAP Web page."
SBS 2008 is based on Windows Server 2008, so perhaps this would be a =
consideration.
--=20
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues
"ck" <ck@discussions.microsoft.com> wrote in message =
news:5A3E5DA9-449F-4EEF-B528-3619C519AFE8@microsoft.com...
@Cris, thanks for your response.
I see your point. Not looking for anything to completely lock them down =
but=20
more for loggin activity. Just curious to know what the consensus is for =
companies out there regarding there roaming users. Especially for =
unsavoury=20
web access on company equipment offsite.
I'm guessing that way forward would be to GPO IE7 settings, then force=20
emailsystems proxy settings backup by there DWP tools they offer.
"Cris Hanna [SBS-MVP]" wrote:
> Besides supporting a number of small business customers, I have a full =
time day job in an IT depart that supports nearly 30,000 employees world =
wide.
>=20
> When we take our laptops away from the building and off the LAN, there =
is no control over where I can surf, etc, unless of course, I'm VPN'd =
back to the LAN.
>=20
> It would take a fairly sophisticated setup to block your remote users =
from connecting to the net, without connecting to the VPN.
>=20
> So if you have a user that is remote, and they just want to surf, the =
link below doesn't kick in...
>=20
> --=20
> Cris Hanna [SBS-MVP]
> -------------------------------------------------
> Microsoft MVPs
> Independent Experts (MVPs do not work for MS)
> Real World Answers
> ---------------------------------------------------------
> Please do not contact me directly regarding issues
>=20
> "ck" <ck@discussions.microsoft.com> wrote in message =
news:A06EB4F1-C602-49C6-9613-9D48A3A97619@microsoft.com...
> SBS2003 R2 Premium
> ISA2004
>=20
> I'm looking into Web Filtering SaaS from Webroot for remote users, =
purely=20
> because when out of the office ISA isn't there to be connected too.
>=20
>
http://www.emailsystems.com/webservices.php
>=20
> As we are only running 1 broadband connection I've never considered =
making=20
> users use a VPN to the office for there internet surfing as it would =
be way=20
> too slow. But these users need to have to some degree some form of =
monitoring=20
> when using company equipment and the internet.
>=20
> How are people here logging (if they do) there remote users internet =
activity?
>=20
>=20
>=20
>
------=_NextPart_000_00D5_01C8E286.736541D0
Content-Type: text/html;
charset="Utf-8"
Content-Transfer-Encoding: quoted-printable
=EF=BB=BF<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8">
<META content=3D"MSHTML 6.00.2900.3354" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Windows Server 2008 introduces the =
concept=20
of Network Access Protection. Not a new concept, just =
new to=20
Windows. " <FONT face=3D"Times New Roman" size=3D3>Network =
Access=20
Protection (NAP) is a new client health policy creation, enforcement, =
and=20
remediation technology that is available for Windows XP, Windows Vista, =
and the=20
Windows Server 2008 operating system. With NAP, administrators can =
establish and=20
automatically enforce health policies which can include software =
requirements,=20
security update requirements, required computer configurations, and =
other=20
settings. For more information visit the </FONT><A title=3D"NAP Web =
page"=20
href=3D"
http://www.microsoft.com/windowsserver2008/en/us/nap-product-home=
.aspx"><FONT=20
face=3D"Times New Roman" size=3D3>NAP Web page</FONT></A><FONT=20
face=3D"Times New Roman" size=3D3>."</FONT></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>SBS 2008 is based on Windows Server =
2008, so=20
perhaps this would be a consideration.</FONT></DIV>
<DIV><BR>-- <BR>Cris Hanna=20
[SBS-MVP]<BR>-------------------------------------------------<BR>Microso=
ft=20
MVPs<BR> Independent Experts (MVPs do not work for MS)<BR>Real =
World=20
Answers<BR>---------------------------------------------------------<BR>P=
lease=20
do not contact me directly regarding issues<BR></DIV>
<DIV>"ck" <<A=20
href=3D"mailto:ck@discussions.microsoft.com">ck@discussions.microsoft.com=
</A>>=20
wrote in message <A=20
href=3D"news:5A3E5DA9-449F-4EEF-B528-3619C519AFE8@microsoft.com">news:5A3=
E5DA9-449F-4EEF-B528-3619C519AFE8@microsoft.com</A>...</DIV>@Cris,=20
thanks for your response.<BR><BR>I see your point. Not looking for =
anything to=20
completely lock them down but <BR>more for loggin activity. Just curious =
to know=20
what the consensus is for <BR>companies out there regarding there =
roaming users.=20
Especially for unsavoury <BR>web access on company equipment =
offsite.<BR><BR>I'm=20
guessing that way forward would be to GPO IE7 settings, then force=20
<BR>emailsystems proxy settings backup by there DWP tools they=20
offer.<BR><BR><BR>"Cris Hanna [SBS-MVP]" wrote:<BR><BR>> Besides =
supporting a=20
number of small business customers, I have a full time day job in an IT =
depart=20
that supports nearly 30,000 employees world wide.<BR>> <BR>> When =
we take=20
our laptops away from the building and off the LAN, there is no control =
over=20
where I can surf, etc, unless of course, I'm VPN'd back to the =
LAN.<BR>>=20
<BR>> It would take a fairly sophisticated setup to block your remote =
users=20
from connecting to the net, without connecting to the VPN.<BR>> =
<BR>> So=20
if you have a user that is remote, and they just want to surf, the link =
below=20
doesn't kick in...<BR>> <BR>> -- <BR>> Cris Hanna =
[SBS-MVP]<BR>>=20
-------------------------------------------------<BR>> Microsoft=20
MVPs<BR>> Independent Experts (MVPs do not work for MS)<BR>> =
Real=20
World Answers<BR>>=20
---------------------------------------------------------<BR>> Please =
do not=20
contact me directly regarding issues<BR>> <BR>> "ck" <<A=20
href=3D"mailto:ck@discussions.microsoft.com">ck@discussions.microsoft.com=
</A>>=20
wrote in message <A=20
href=3D"news:A06EB4F1-C602-49C6-9613-9D48A3A97619@microsoft.com">news:A06=
EB4F1-C602-49C6-9613-9D48A3A97619@microsoft.com</A>...<BR>>=20
SBS2003 R2 Premium<BR>> ISA2004<BR>> <BR>> I'm looking into Web =
Filtering SaaS from Webroot for remote users, purely <BR>> because =
when out=20
of the office ISA isn't there to be connected too.<BR>> <BR>> <A=20
href=3D"
http://www.emailsystems.com/webservices.php">http://www.emailsyst=
ems.com/webservices.php</A><BR>>=20
<BR>> As we are only running 1 broadband connection I've never =
considered=20
making <BR>> users use a VPN to the office for there internet surfing =
as it=20
would be way <BR>> too slow. But these users need to have to some =
degree some=20
form of monitoring <BR>> when using company equipment and the=20
internet.<BR>> <BR>> How are people here logging (if they do) =
there remote=20
users internet activity?<BR>> <BR>> <BR>> =
<BR>></BODY></HTML>
------=_NextPart_000_00D5_01C8E286.736541D0--