5-4
Cisco Secure Desktop Configuration Guide
OL-8607-02
Chapter 5 Setting Up CSD for Microsoft Windows Clients
Defining Location Criteria
This pane lets you specify the criteria that define the location. A location can be based on any of the
following matching criteria:
•
Certificate name and issuer
•
IP address range
•
Presence or absence of a particular file or registry key.
Note
To push the Secure Desktop to all remote client PCs regardless of their status, configure only one
location and do not specify a certificate, IP address range, or file or registry criteria. This default location
pushes the Secure Desktop to all computers from which users connect.
CSD considers the three location criteria in a logical “AND” relationship. For example, if you specify
an IP address range under “Enable identification using IP criteria,” and you specify “File
company_software.exe #does exist#” under “Enable identification using File or Registry criteria,” the
client must meet both of these conditions to match the location.
Within each area in the pane, only one of the criteria you specify must match; that is, CSD considers the
criteria in a logical “OR” relationship. For example, if you specify several files under “Enable
identification using File or Registry criteria,” only one of these files must be present.
Refer to the sections that name the location criteria you want to configure:
•
Location Module
•
Certificate Criteria
•
IP Criteria
•
Registry and File Criteria
Location Module
The Location Module attribute in the Identification for
<Location>
pane (
Figure 5-2
) permits one of the
following options:
•
Secure Desktop—Check if you want to require the Secure Desktop to be present on the remote client
as a criterion for assigning this location entry.
Note
If you check Secure Desktop and configure the Secure Desktop settings, you should still
configure the Cache Cleaner as well. The Cache Cleaner serves as a fall-back security
solution for older Windows operating systems such as Windows 98, which the full Secure
Desktop functions do not support.
•
Cache Cleaner—Check if you want to require the Cache Cleaner to be present on the remote client
as a criterion for assigning this location entry.
•
Both Secure Desktop and Cache Cleaner—Leave unchecked to let CSD apply the configured
VPN
feature policy
.