Active directory group policy

Here to help

Active directory group policy

I'm having problems with a group policy applied to an Active Directory group.
The policy blocks all sites but allows access to a series of URLs in the whitelist.
All users use a desktop on an RDP host, Windows 2016.
Sometimes every day, access is blocked not only for users in the group but also for others.
After a while, access is restored. Do you have any suggestions? Thank you
5 REPLIES 5
A model citizen

Re: Active directory group policy

Hi @Aondio_Carlo

I think using a group policy in this case may not be the best solution for you. When your Meraki MX picks up each login/authentication event and sees an individual user, I believe it is then applying the appropriate group policy to the device (or client) and not each unique session id within the OS. Since they are all accessing one physical network device, it will apply one group policy to the client at a time. You may need to find a different solution for limiting access with that specific RDP host. 


Kind of a big deal

Re: Active directory group policy

I agree with @WadeAlsup.  Meraki ties the user to a machine.  If you have a machine that can be used by more than 1 person this approach will not work for you.

Getting noticed

Re: Active directory group policy

Adding on to what @WadeAlsup and @PhilipDAth mentioned, you may look into solutions that are designed for a VDI environment.  

Here to help

Re: Active directory group policy

Good morning, in your opinion, could applying the "Virtual IP solution for RDP session" solve the problem?

Have you heard whether this solution is in use? Thank you

Regards

New here

Re: Active directory group policy

I am facing the same issue. In the past, we were using a Cyberoam firewall, and through that I applied policies to users, not to the systems. Why doesn't Cisco have this type of feature?

Is there any solution for this?
