Preventing file uploads from non-compliant computers to SharePoint Web applications in IAG SP1 Update 2
Applies To: Intelligent Application Gateway (IAG)
This topic describes how you can use the application's Upload policy so that, unless the end user's computer meets the security policy requirements that you define, end users cannot do the following:
Upload files to the SharePoint Web application
Save files from Microsoft Office applications to the SharePoint Web application
Users who are blocked are notified accordingly.
To prevent file upload operations
On the desktop of the computer running IAG, click Start, point to All Programs, point to Whale Communications IAG, and then click Configuration.
If a password is required, enter it, and then click OK.
In the Configuration console, on the Application Properties dialog box, click Edit Policies.
On the Policies dialog box, under the Policies group, select the SharePoint 2007 Upload Checkin policy, and then click Edit.
On the Advanced Policy Editor dialog box, you can edit the policy in order to comply with your corporate policy, so that noncompliant computers, such as computers that don't run an up-to-date antivirus program, are blocked, or you can change the policy value to False, so that all endpoint computers are blocked.
Note
By default, the value of the SharePoint 2007 Upload Checkin policy is True, and it does not prevent upload operations from endpoint computers.
You edit policy components on the Advanced Policy Editor dialog box by doing one or more of the following:
In the Components list, click a component; a component can be either an existing expression or an existing variable. The selected component appears in the box on the right.
In the box, use VBScript-syntax free text in order to add or edit rules and rule components, as required; you can also delete rules and rule components in the box.
Use the AND, OR, NOT, and parentheses operators in order to create a combination of as many components as you require.
For more information, see "Endpoint Policies" in the Intelligent Application Gateway User Guide.
Note
You can use the Default Web Application Upload policy as a basis for your definitions.
On the Advanced Policy Editor dialog box, click OK, and then, on the Policies dialog box, click Close.
On the Application Properties dialog box, on the General tab, in the Upload list, click the SharePoint 2007 Upload Checkin policy, click OK, and then in the Configuration console, click the Activate Configuration icon.
The upload operations described in this topic's introduction will be blocked on the client side and on the server side, for endpoint computers that do not comply with the security policy that you define here.
Note
This procedure ensures full correlation of the SharePoint 2007 Upload Checkin policy on both the client and server sides. If you want to cancel the policy, you must take the following steps in order to ensure that the same conditions apply to both the client and the server:
To cancel enforcement of the policy on the server side, on the Application Properties dialog box, on the General tab, select an Upload policy other than SharePoint 2007 Upload Checkin.
To cancel enforcement of the policy on the client side, redefine the value of the policy SharePoint 2007 Upload Checkin as True.