DirectAccess - Differentiating mobile/DA from LAN connectivity - for GPOs

  • Question

  • We'd like to be able to apply certain GPOs when a DirectAccess capable device is LAN connected. So we'd like to be able to differentiate whether the device is connected via the LAN or DA (mobile) connection, ideally through a GPO/GPP method.

    As an example we have a GPP that connects printers and we'd rather they weren't connected when DA (mobile) connected. Does anyone know of a check we can use given that these will both be fast connections?

    Many thanks.

    Monday, July 7, 2014 2:49 PM

All replies

  • Hi,

    Why don't you try a GPO at site level? It will be evaluated at logon.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Monday, July 7, 2014 8:56 PM
  • Because of the mix of client types and the need for coexistence I need to link this to a particular OU. I'd rather not have to rely on WMI filters or GPP ILT for making sure I target the correct devices and people.

    Ideally there is a differentiator that I can programmatically detect to tell if a device is on the LAN or is connected through DA.

    Tuesday, July 8, 2014 6:42 AM
  • Hi,

    Automation? So on LAN you should not be able to reach the NLS server, so DNS resolution should fail. Have a look at NETSH NAMESPACE SHOW EF, which should say it is disabled when connected on LAN.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Tuesday, July 8, 2014 7:00 PM
  • Something else to consider - almost every DirectAccess customer out there is running IPv4 inside their corp networks. If that is true for you, maybe you could programmatically ping a server and look at the response. If it responds IPv4, you are inside the network. If it responds IPv6, you are on DirectAccess.
    Monday, July 21, 2014 8:13 PM
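
The address-family check suggested in the last reply, written as an added PowerShell example that is not part of the thread. The function name and the probe host `intranet-srv01.corp.example` are placeholders, and the result is only meaningful under the reply's assumption that the internal network is IPv4-only.

```powershell
# Added example, not code from the thread.
# Assumption (from the reply above): the corporate LAN is IPv4-only, so an IPv6
# reply from an internal server means the traffic went through DirectAccess.
function Get-CorpConnectionType {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ProbeHost,      # internal-only server name (placeholder in the usage below)
        [int]$TimeoutMs = 2000,
        [int]$Attempts  = 3
    )

    $ping = New-Object System.Net.NetworkInformation.Ping
    try {
        for ($i = 0; $i -lt $Attempts; $i++) {
            try {
                $reply = $ping.Send($ProbeHost, $TimeoutMs)
            } catch {
                # Name did not resolve or no route yet (for example the tunnel is
                # still coming up at logon). Wait briefly and retry.
                Start-Sleep -Seconds 1
                continue
            }
            if ($reply.Status -ne [System.Net.NetworkInformation.IPStatus]::Success) {
                continue
            }
            $family = $reply.Address.AddressFamily
            if ($family -eq [System.Net.Sockets.AddressFamily]::InterNetwork) {
                return 'LAN'
            }
            if ($family -eq [System.Net.Sockets.AddressFamily]::InterNetworkV6) {
                return 'DirectAccess'
            }
        }
        # No usable reply: report Unknown rather than guessing.
        return 'Unknown'
    } finally {
        $ping.Dispose()
    }
}

# Usage in a logon script: only an explicit 'LAN' result maps printers, so a
# failed probe behaves like a remote connection.
if ((Get-CorpConnectionType -ProbeHost 'intranet-srv01.corp.example') -eq 'LAN') {
    Write-Output 'LAN detected: run printer mapping here.'
}
```

If the internal network also carries native IPv6, the probe host can answer over IPv6 on the LAN and this check will misreport the connection as DirectAccess.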