C H A P T E R
5-1
Cisco Secure Desktop Configuration Guide
OL-8607-02
5
Setting Up CSD for Microsoft Windows Clients
See the following sections to configure CSD for remote clients running Microsoft Windows:
•
Creating Windows Locations
•
Defining Location Criteria
•
Configuring the Secure Desktop for Clients that Match Location Criteria
Creating Windows Locations
Windows locations let you determine how clients connect to your virtual private network, and protect it
accordingly.
For example, clients connecting from within a workplace LAN on a 10.
x.x.x
network behind a NAT
device are an unlikely risk for exposing confidential information. For these clients, you might set up a
CSD Windows Location named Work that is specified by IP addresses on the 10.
x.x.x
network, and
disable both the Cache Cleaner and the Secure Desktop function for this location.
In contrast, users’ home PCs might be considered more at risk to viruses due to their mixed use. For these
clients, you might set up a location named Home that is specified by a corporate-supplied certificate that
employees install on their home PCs. This location would require the presence of antivirus software and
specific, supported operating systems to grant full access to the network.
Finally, for untrusted locations such as Internet cafes, you might set up a location named “Insecure” that
has no matching criteria (thus making it the default for clients that do not match other locations).
This location would require full Secure Desktop functions, and include a short timeout period to prevent
access by unauthorized users.
CSD evaluates remote client PCs against the locations in the order listed on the Windows Location
Settings pane, and grants privileges based on the first location definition that matches.
Examine the Windows Location attribute descriptions to plan a configuration that meets the security
requirements of your network.
Click
Windows Location Settings
in the menu on the left to define the location-based settings
(also called adaptive policies) for CSD.
Figure 5-1
shows the default settings.