4-2
Cisco Secure Desktop Configuration Guide
OL-8607-02
Chapter 4 Tutorial
Step One: Define Windows Locations
This tutorial describes how to configure three example locations: “Work,” “Home,” and “Insecure.”
“Work” is for those connecting to the VPN from a workstation in the office, “Home” is for those working
from home, and “Insecure” is for those who do not meet the criteria for either, such as those connecting
from a cybercafé.
In this tutorial, “Work” provides clients with full access, “Home” provides some flexibility, and
“Insecure” restricts access. This tutorial defines the locations as follows:
• Work
  – Identified by a registry entry
  – Secure Desktop and Cache Cleaner are disabled
  – Full access: all features ON
• Home
  – Identified by a certificate given by the administrator
  – Secure Desktop and Vault Reuse are enabled, with no timeout
    Vault Reuse lets users close the Secure Desktop and open it again at a later time, creating a persistent desktop that is available from one session to the next. If you enable this option, users must enter a password (up to 127 characters in length) when CSD creates the Secure Desktop.
  – Advanced features require company antivirus software, company antispyware, company firewall, and Windows 2000 Service Pack 4 or Windows XP
  – Check for keystroke logger
• Insecure
  – No identification
  – Cache Cleaner
  – All features disabled except web browsing
To create the three locations:
Step 1 Choose Windows Location Settings in the CSD menu.
The Windows Location Settings pane appears.
Step 2 Type the following names in the Location name field, and click Add after typing each one:
• Work
• Home
• Insecure
CSD evaluates client connections against the location entries in the order listed on the Windows Location
Settings pane. CSD grants privileges to a client PC based on the first location definition it matches. Our
example includes “Work,” “Home,” and “Insecure” in that order; to assign privileges to a host, CSD first
determines whether it is a “Work” host. If it is not, it determines whether it is a “Home” host. If it is not,
it assigns the privileges associated with the “Insecure” location.
To change the order of the evaluation, choose a location name and click Move Up or Move Down.
Click Apply All to save the running CSD configuration to the flash device.
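The first-match evaluation described in Step 2 can be modeled in a few lines to check how a changed order affects which location a host receives. This is an added example, not code from CSD or from this guide; the attribute names `registry_marker` and `admin_cert` and the sample clients are constructed for illustration.

```python
"""Model of first-match location evaluation (added example, not CSD code)."""

# Constructed client attributes; the key names are assumptions for this model.
WORK_PC = {"registry_marker": True, "admin_cert": False}
HOME_PC = {"registry_marker": False, "admin_cert": True}
CAFE_PC = {"registry_marker": False, "admin_cert": False}

# (location name, identification criterion); None means "no identification".
TUTORIAL_ORDER = [
    ("Work", "registry_marker"),
    ("Home", "admin_cert"),
    ("Insecure", None),
]


def match_location(locations, client):
    """Return the first location, in list order, whose criterion the client meets."""
    for name, criterion in locations:
        if criterion is None or client.get(criterion, False):
            return name
    return None  # nothing matched in this model; CSD's own behavior is not modeled


def lint_order(locations):
    """Flag orderings in which a location can never be selected."""
    findings = []
    catch_all = None
    for name, criterion in locations:
        if catch_all is not None:
            # Every host already matched the earlier catch-all entry.
            findings.append(f"{name} is unreachable: listed after catch-all {catch_all}")
        elif criterion is None:
            catch_all = name
    if catch_all is None:
        findings.append("no catch-all location: unidentified hosts match nothing in this model")
    return findings


if __name__ == "__main__":
    for label, pc in [("work", WORK_PC), ("home", HOME_PC), ("cafe", CAFE_PC)]:
        print(label, "->", match_location(TUTORIAL_ORDER, pc))
    # "Insecure" moved to the top: Work and Home can no longer be selected.
    moved_up = [TUTORIAL_ORDER[2], TUTORIAL_ORDER[0], TUTORIAL_ORDER[1]]
    print(lint_order(moved_up))
```

In this model, a location with no identification criterion matches every host, so it belongs last in the list, as in the tutorial's order.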