NOTE: I have mentioned this before for a feature add, but still do not see how to accomplish this tasks... The 2x gateway should have an option to query AD group memberships for "allowed" users. Example: DMZ server with web portal and gateway installed for an office of 100 users. out of the 100 users, 20 need to have remote access to the 2x farm. With a setting like this, you could create a "AllowedRemoteAccess" group in AD for the allowed 20 users to access the DMZ web portal/Gateway. (gateway will check group membership) Now, you basically give all 100 users access remotely. Many clients only want remote access granted to a few users. Is there a way to do this now? If not, please consider adding this. Thanks
Hi there, which 2x products do you use and which version? Does this problem persists even with version 10.0.1142? Within the 2xServer console under publishing you can set filters for user and user groups using LDAP. Perhaps we don't understand well. Please explain more detailed? You might even consider to open a ticket sending an email to support@2x.com. Kind regards,
Currently, if i have a network of 100 users and setup 2x web portal for remote users....all 100 users have remote access. Not every one in a network needs remote access into a system. This raises a security concern and questions from company owners. The web portal (or gateway the portal uses) should have an option to query AD members of a group for allowed remote access. This could be done with some kind of gateway option. Example: Only allow access if a user is a member of a specific AD group. You should also be able to define specific 2x client options when a session is connecting from a specific gateway.
You can set access for each item on the filtering tab. This will give you the option to restrict users by AD username, IP address or even by what version of client they are running. To access this, open your 2X Virtual Desktop Server Console. Go to publishing and select the item you with to restrict. Select filtering and change your filtering type to user. You will then add the users or groups you want to allow access. Nobody else will be given the ability to access this item. Be sure to hit the apply button. Hope that answers your question.
I have the same issue, the problem with the Publishing suggestion is we require all our users to access the same terminal servers desktops. To separate the users with the publishing rights would require two separate published applications one for the remote users and one for the on site users and they can not share the same terminal servers. Another way it should work is client policies. One policy for the remote clients and on for everyone. Then if you tie the client policy to the specific gateway used for remote access only those user in that group should be permitted. To bad it does not work that way.
This is really a problem... Please give this high/quick consideration. The options posted above do not help. More options need to be given to Admins to control client settings. (IE: more filter options, connections from different gateways...and so on)