This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

WSUS in DMZ only with Computer client certificate

Question
0

Sign in to vote

Hello,

I would like to run a wsus in the DMZ.

The Url to the DMZ WSUS is SSL protetecd.The wsus is reachable from the internet.

Now i want that only clients with certifikates from our "intern" CA (Computer certificates) can connect the DMZ WSUS from the internet.

Is there any settings??

Greetings

Katharina

Friday, December 19, 2014 6:49 AM

Answers

0

Sign in to vote
Hi Katharina,

I can't find any official document about how to authenticate a WSUS client with certificate.

Normally, we don't use WSUS to authenticate the users. We can use VPN or DirectAccess to authenticate the users. If users pass the authenticate, they can access the WSUS server.

DirectAccess allows remote users to securely access internal network file shares, Web sites, and applications without connecting to a virtual private network (VPN). An internal network is also known as a private network or intranet.

DirectAccess establishes bi-directional connectivity with an internal network every time a DirectAccess-enabled computer connects to the Internet, even before the user logs on.

Users never have to think about connecting to the internal network and IT administrators can manage remote computers outside the office, even when the computers are not connected to the VPN.

For detailed information about DirectAccess, please refer to the link below,

DirectAccess Overview

http://technet.microsoft.com/en-us/library/dd759144.aspx

Best Regards.

Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
- Proposed as answer by Steven_Lee0510 Wednesday, January 7, 2015 8:50 AM
- Marked as answer by KatharinaSchuster Thursday, January 8, 2015 5:59 AM
Monday, December 22, 2014 3:20 AM