Hi,
Hope you are all well.
Our policy layout:
Default policy > Firewall app - block rule with no conditions
Domain Admins (Default policy parent) - Firewall app - block rule to any WAN
Domain Policy (Default policy parent) - Multiple apps, web filtering, av etc etc
Policy rule to point unauthenticated at default policy, domain admins group to domain admins policy and members of domain users to domain policy
The problem I am seeing is a user is working and using the Domain policy rack. If that user then RDPs or installs software using a domain admin's credentials, then after that it seems to enforce the domain admins policy. If I RDP using the normal user's credentials then internet access resumes using the domain policy. I think I can understand why, but just wondering if there is a way around this? I am guessing that adding the admin account to the directory connector exceptions would actually stop the domain admin policy from applying?
It's more a problem for domain admins who are logging in with normal accounts, and then RDP or authenticate to another program with their domain admin accounts.
Many thanks
Simon