Active directory group policy

Aondio_Carlo
Here to help


I'm having problems with a group policy applied to an Active Directory group.
The policy blocks all sites but allows access to a series of URLs in the whitelist.
All users use a desktop on an RDP host running Windows 2016.
Sometimes every day, access is blocked not only for users in the group but also for others.
After a while, access is restored. Do you have any suggestions? Thank you
5 REPLIES
WadeAlsup
A model citizen

Hi @Aondio_Carlo

I think using a group policy in this case may not be the best solution for you. When your Meraki MX picks up each login/authentication event and sees an individual user, I believe it is then applying the appropriate group policy to the device (or client) and not each unique session id within the OS. Since they are all accessing one physical network device, it will apply one group policy to the client at a time. You may need to find a different solution for limiting access with that specific RDP host. 



I agree with @WadeAlsup.  Meraki ties the user to a machine.  If you have a machine that can be used by more than 1 person this approach will not work for you.

I am facing the same issue. In the past, we used a Cyberoam firewall, and through that I applied policies to users, not to the systems. Why doesn't Cisco have this type of feature?

Is there any solution for this?

Ryan-Zimmerle
Getting noticed

Adding on to what @WadeAlsup and @PhilipDAth mentioned, you may look into solutions that are designed for a VDI environment.  

Aondio_Carlo
Here to help

Good morning, in your opinion, could applying the "Virtual IP solution for RDP session" solve the problem?

Have you heard whether it is a solution that is used? Thank you

Regards
