Hi all. Thanks for taking the time to help. Here's my scenario.
I need to provide a method where I can allow contractors and consultants into our portal but not allow them to launch SharePoint for example.
Now I know I can do this with groups, but this is not the preferred method at this time for various reasons. Additionally, I need a way to identify corporate-owned assets vs. personal PCs.
My solution, use GPO enrolled user certs as my corporate PC identifier. If you have a user cert then you can launch the SharePoint application. If you do not have a user cert then the SharePoint application would be disabled.
I have enabled the certified endpoint under the trunk "session" tab. Now at logon I enter my credentials, and choose my user cert. I now show up as a certified device under "system Information". Perfect, no problem with the cert process. The question is how do I use certified device (yes/no) as a control mechanism to launch the SharePoint application? I do not see an endpoint policy "Certified Device" to define application access. If I use "Default Privileged Endpoint" the SharePoint application is disabled regardless if I am certified or not.
I'm a little lost, heck I may be going down the wrong road.