Preventing access from non-compliant computers to restricted zones and areas on SharePoint Web applications in IAG SP1 Update 2

Updated: February 10, 2010

Applies To: Intelligent Application Gateway (IAG)

This topic describes how you can use the application's Restricted Zone policy so that end users cannot access sensitive zones and areas of the application, such as administrative zones, when the end user's computer does not meet the security policy requirements.

To enable this option, after you finish adding the application to the trunk, assign a unique Restricted Zone policy to the application, as described below. The defined zones and areas are blocked on the server side, and users who are blocked are notified accordingly.

To prevent access to restricted zones and areas

  1. On the desktop of the computer running IAG, click Start, point to All Programs, point to Whale Communications IAG, and then click Configuration.

  2. If a password is required, enter it, and then click OK.

  3. In the Configuration console, open the Application Properties dialog box for the application. On the Web Settings tab, verify that the Activate Restricted Zone check box is selected, and then on the General tab, click Edit Policies.

  4. On the Policies dialog box, in the Policies group box, select the Default Web Application Restricted Zone Access policy, and then click Edit.

  5. On the Advanced Policy Editor dialog box, edit the policy so that it complies with your corporate policy and non-compliant computers (for example, computers that do not run a firewall) are denied access to the administrative zones. Alternatively, change the policy value to False to prevent any access to the administrative zones from endpoint computers.

    By default, the value of the policy is True, which allows access to all zones and areas of the application from all endpoint computers.

    You edit policy components on the Advanced Policy Editor dialog box by doing one or more of the following:

    • In the Components list, click a component; a component can be either an existing expression or an existing variable. The selected component appears in the box on the right.

    • In the box, enter free text in VBScript syntax to add or edit rules and rule components as required; you can also delete rules and rule components in the box.

    Use the AND, OR, and NOT operators, together with parentheses, to combine as many components as you require.

    For more information, see "Endpoint Policies" in the Intelligent Application Gateway User Guide.

  6. On the Advanced Policy Editor dialog box, click OK, and then on the Policies dialog box, click Close. On the Application Properties dialog box, click OK, and then in the Configuration console, click the Activate Configuration icon. Access to the zones and areas that you define is blocked on the client side, on the server side, and on endpoint computers that do not comply with the security policy that you define here.