control application access with certificate or certified endpoint


  • Hi all.  Thanks for taking the time to help.  Here's my scenario.

    I need to provide a method where I can allow contractors and consultants into our portal but not allow them to launch SharePoint for example.

    Now I know I can do this with groups, but this is not the preferred method at this time for various reasons.  Additionally I need a way to identify corporate owned assets vs. personal pc.

    My solution: use GPO-enrolled user certs as my corporate PC identifier.  If you have a user cert then you can launch the SharePoint application.  If you do not have a user cert then the SharePoint application would be disabled.

    I have enabled the certified endpoint under the trunk "session" tab.  Now at logon I enter my credentials, and choose my user cert.  I now show up as a certified device under "system Information".  Perfect, no problem with the cert process.  The question is how do I use certified device (yes/no) as a control mechanism to launch the SharePoint application?  I do not see an endpoint policy "Certified Device" to define application access.  If I use "Default Privileged Endpoint" the SharePoint application is disabled regardless of whether I am certified or not.

    I'm a little lost, heck I may be going down the wrong road.

    Thanks for your help

    Friday, September 13, 2013 7:28 PM

All replies