UAG Advanced Policy Editor - How do I restrict users from seeing Windows 7 64 Bit?

  • Question

  • I would like our users to see Windows XP, Vista and 7 32 bit options only.  I want to restrict them from seeing Windows 7 64 bit.  I went to the Advanced Policy Editor for Windows and modified the script as follows:

     (  (  (  ( System_OS_WinVistaHome )  ) OR  (  ( System_OS_Win764bit )  ) OR  (  ( System_OS_WinXPHome )  AND  ( System_OS_WinNTServicePackVersion >=1 )  ) OR  (  ( System_OS_WinVistaPro )  ) OR  (  ( System_OS_WinXPPro )  AND  ( System_OS_WinNTServicePackVersion >=1 )  ) OR  (  ( System_OS_Win7Home )  ) NOT  (  ( System_OS_Win764bit )  )  )  )

    However, I have 2 problems. First, I'm not sure if I'm using the NOT operand correctly, and secondly, I can't tell if the format is correct.  I keep getting a Syntax error.

    I looked at the Forefront Unified Access Gateway Configuring Forefront UAG platform specific policies page (http://technet.microsoft.com/en-us/library/dd861425.aspx) and it only mentions the AND, OR and NOT operands but does not give examples of how to use them.  Strangely enough, it seems by default you would not have to use the NOT operand, that the item, if not selected would not be displayed.  However, we are having the 64 bit option displayed on our 32 bit users page so I'm trying to force it to NOT appear.

    Please help... Thanks


    SGrow23@hotmail.com
    Tuesday, November 23, 2010 3:15 PM

Answers

  • Finally a solution. This is the policy that works:

     (  (  (  ( eGapComponents_CertifiedEndpoint )  )  )  AND  (  (  ( System_OS_WinVistaHome )  AND  ( System_OS_WinNTServicePackVersion >=2 )  ) OR  (  ( System_OS_WinXPHome )  AND  ( System_OS_WinNTServicePackVersion >=3 )  ) OR  (  ( System_OS_WinVistaPro )  AND  ( System_OS_WinNTServicePackVersion >=2 )  ) OR  (  ( System_OS_WinXPPro )  AND  ( System_OS_WinNTServicePackVersion >=3 )  ) OR  (  ( System_OS_Win7Home )  ) OR  (  ( System_OS_Win7Pro )  ) AND  NOT  (  ( System_OS_Win764bit )  )  )  ) 

     

    Thank you!

    Tuesday, November 23, 2010 9:09 PM
  • Yes, it looks like the " )  ) AND  NOT  (  ( " instead of just using the NOT at the end was the key.  Thanks everyone...

    Tuesday, November 23, 2010 9:43 PM
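
Added example (not part of the thread and not UAG code): a small Python evaluator for policy strings of this shape, showing why a bare NOT between two operands fails to parse and how a trailing AND NOT groups. It assumes NOT binds tighter than AND and AND tighter than OR, which the thread does not confirm for UAG; the endpoint facts, the reduced FIRST_TRY string and the GROUPED variant are constructed for illustration.

```python
import re

def evaluate(policy, facts):
    """Evaluate a UAG-style policy string. Precedence NOT > AND > OR is an assumption."""
    toks, pos = re.findall(r"\(|\)|>=|\w+", policy), 0
    def peek():
        return toks[pos] if pos < len(toks) else None
    def take(expected=None):
        nonlocal pos
        tok = peek()
        if tok is None or (expected and tok != expected):
            raise SyntaxError(f"token {pos}: expected {expected or 'operand'}, got {tok!r}")
        pos += 1
        return tok
    def or_expr():
        val = and_expr()
        while peek() == "OR":
            take(); rhs = and_expr(); val = val or rhs
        return val
    def and_expr():
        val = not_expr()
        while peek() == "AND":
            take(); rhs = not_expr(); val = val and rhs
        return val
    def not_expr():
        if peek() == "NOT":  # NOT is unary: it must follow AND/OR, never join two operands
            take(); return not not_expr()
        if peek() == "(":
            take(); val = or_expr(); take(")"); return val
        name = take()
        if name in ("AND", "OR", ")", ">="):
            raise SyntaxError(f"token {pos - 1}: expected operand, got {name!r}")
        if peek() == ">=":
            take(); return facts.get(name, 0) >= int(take())
        return bool(facts.get(name, False))
    result = or_expr()
    if peek() is not None:
        raise SyntaxError(f"token {pos}: unexpected {peek()!r}")
    return result

SP = "System_OS_WinNTServicePackVersion"
OS = (f"( System_OS_WinVistaHome AND {SP} >=2 ) OR ( System_OS_WinXPHome AND {SP} >=3 ) OR "
      f"( System_OS_WinVistaPro AND {SP} >=2 ) OR ( System_OS_WinXPPro AND {SP} >=3 ) OR "
      "( System_OS_Win7Home ) OR ( System_OS_Win7Pro )")
FIRST_TRY = "( ( System_OS_Win7Home ) NOT ( System_OS_Win764bit ) )"  # reduced tail of the question's policy
WORKING = f"( eGapComponents_CertifiedEndpoint AND ( {OS} AND NOT ( System_OS_Win764bit ) ) )"  # answer's structure
GROUPED = f"( eGapComponents_CertifiedEndpoint AND ( ( {OS} ) AND NOT ( System_OS_Win764bit ) ) )"  # hypothetical
def endpoint(edition, x64):  # constructed facts; assumes the edition flag is also set on 64-bit clients
    return {"eGapComponents_CertifiedEndpoint": True, edition: True, "System_OS_Win764bit": x64}
```

Under the assumed precedence, the trailing AND NOT in WORKING attaches only to System_OS_Win7Pro, so it is worth testing the deployed policy from a Windows 7 Home 64-bit client. GROUPED wraps the OS alternatives in their own parentheses so the exclusion applies to all of them.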

All replies

  • I'm confused by "I want to restrict them from seeing Windows 7 64 bit"

    Windows 7 64 bit what???

    Do you have specific 64bit applications published in the portal?

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, November 23, 2010 3:57 PM
  • What my peer is trying to explain is the following:

    We want to restrict Windows 7 64bit client computers from having access to an application, in this case an RDP publication. We want all the 32bit clients to access this application. We were using the policies to specify just the OS we want. However, for some reason, although we do not include Windows 7 64bit, those clients are able to see this application. So we are trying to create a policy that excludes the Windows 7 64bit OS from the ones that have the right to access this application.

    We are using the option "Edit as Script" to create the policy. Does this make sense?

     

    Thank you!

    Tuesday, November 23, 2010 6:33 PM
  • Hi,

    before even checking the syntax, I notice you seem to have Win7 64bit twice in your policy boolean expression:

    (  (  (  ( System_OS_WinVistaHome )  ) OR  (  ( System_OS_Win764bit )  ) OR  (  ( System_OS_WinXPHome )  AND  ( System_OS_WinNTServicePackVersion >=1 )  ) OR  (  ( System_OS_WinVistaPro )  ) OR  (  ( System_OS_WinXPPro )  AND  ( System_OS_WinNTServicePackVersion >=1 )  ) OR  (  ( System_OS_Win7Home )  ) NOT  (  ( System_OS_Win764bit )  )  )  )

     


    -Ran
    Tuesday, November 23, 2010 9:08 PM
  • What my peer is trying to explain is the following:

    We want to restrict Windows 7 64bit client computers from having access to an application, in this case an RDP publication. We want all the 32bit clients to access this application. We were using the policies to specify just the OS we want. However, for some reason, although we do not include Windows 7 64bit, those clients are able to see this application. So we are trying to create a policy that excludes the Windows 7 64bit OS from the ones that have the right to access this application.

    We are using the option "Edit as Script" to create the policy. Does this make sense?

     

    Thank you!


    Yep, makes sense now...glad you got it working anyhow!
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, November 23, 2010 11:24 PM