Endpoint Protection

  • 1.  Command to block all networking

    Posted Mar 31, 2015 01:34 PM

    Hello,

    I'm looking for a way to block all networking if a user logs into a Windows 8 box using his local user account and not our Domain account. I've asked this before, but I'm looking for new ideas. User mode was mentioned, however that's not practical as we would need to re-import from AD at every change.

    Is there a command line we can leverage? i.e., a command we can add to our script to either force a location change for SEP or force a policy change? Something along those lines. Basically we will take care of verifying 'who' is logged in, then we're looking for SEP to block networking altogether.

    Thanks.



  • 2.  RE: Command to block all networking

    Posted Mar 31, 2015 01:44 PM

    You would need to use location awareness to apply a "block all" firewall policy.

    The problem is finding out what location change can you make when it's determined the local account logged in. It would probably be a registry key.



  • 3.  RE: Command to block all networking

    Posted Mar 31, 2015 02:08 PM

    So a registry change (that will apply the 'block all' policy) when a local user logs on? Problem is a reboot is needed. But you have me thinking of something else... I will try and post back.



  • 4.  RE: Command to block all networking
    Best Answer

    Posted Mar 31, 2015 02:12 PM

    You configure the policy to check whether or not a registry key exists. It's possible that when a user logs in to the domain, a different registry key is created than if they log in locally. If this is the case, this should be simple. The problem is trying to determine which key that is ;)



  • 5.  RE: Command to block all networking

    Posted Mar 31, 2015 03:30 PM

    Registry change did the trick. No reboot required. We just use a REG import to do the changes. Thanks Brian for your excellent help!
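
One way the script side of the approach discussed in this thread could look, as an added example that is not code from any poster or from the vendor: it creates or removes a marker key that a SEP location condition of the "registry key exists" kind can test. The key path and function names are hypothetical placeholders, and the script is assumed to run elevated at logon (for example from a logon-triggered scheduled task).

```powershell
# Added example. The key path is a hypothetical placeholder: use the same key
# that your "block all" location condition is configured to look for.
$MarkerKey = 'HKLM:\SOFTWARE\ExampleCorp\LocalLogonMarker'

function Test-LocalAccount {
    param([Parameter(Mandatory)][string]$UserName)   # 'DOMAIN\user' or 'HOST\user'
    $parts = $UserName -split '\\', 2
    # An unqualified name cannot be tied to the domain: fail closed, treat as local.
    if ($parts.Count -ne 2) { return $true }
    # Local accounts are qualified with the computer name, not an AD domain name.
    return ($parts[0] -ieq $env:COMPUTERNAME)
}

function Set-LogonMarker {
    param([bool]$IsLocal, [string]$Path = $MarkerKey)
    if ($IsLocal) {
        if (-not (Test-Path -LiteralPath $Path)) {
            # Key present: the location condition matches, "block all" applies.
            New-Item -Path $Path -Force | Out-Null
        }
    } elseif (Test-Path -LiteralPath $Path) {
        # Key absent: the client falls back to its normal location.
        Remove-Item -LiteralPath $Path -Recurse -Force
    }
}

# Ask the OS for the console user rather than trusting %USERDOMAIN%, which the
# logged-on user can change in their own environment.
$user = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
if ([string]::IsNullOrEmpty($user)) {
    # Empty when nobody is on the console (for example an RDP-only session).
    # Leave the marker as it is instead of guessing.
    Write-Warning 'No console user reported; marker left unchanged.'
} else {
    Set-LogonMarker -IsLocal (Test-LocalAccount -UserName $user)
}
```

Because the marker lives under HKLM, a standard user cannot delete it to escape the "block all" location; the same script removes it at the next domain logon.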



  • 6.  RE: Command to block all networking

    Posted Mar 31, 2015 03:39 PM

    Good deal, happy to help :)