Setting up Scenario One location awareness conditions

If you have remote clients, the simplest common practice is to use the My Company group with three locations. This is Scenario One.
To manage the security of the clients in this scenario, you can create the following locations under the My Company group:
  • Office clients that log on in the office.
  • The remote clients that log on to the corporate network remotely over a VPN.
  • The remote clients that log on to the Internet remotely, but not over a VPN.
Because the remote location with no VPN connection is the least secure, it has the most secure policies. It is a best practice to always make this location the default location.
If you turn off My Company group inheritance and then you add groups, the added groups do not inherit the locations that you set up for the My Company group.
The following suggestions represent the best practices for Scenario One.
  1. To set up Scenario One location awareness conditions
  2. To set up the office location for the clients located in the office, on the Clients page, select the group for which you want to add a location.
  3. On the Policies tab, under Tasks, click Add Location.
  4. In the Add Location Wizard, click Next.
  5. Type a name for the location and optionally, add a description of it, and then click Next.
  6. In the list box, click Client can connect to management server from the list, and then click Next.
  7. Click Finish, and then click OK.
  8. Under Tasks, click Manage Locations, and then select the location you created.
  9. Click Add, and then click Criteria with AND relationship.
  10. In the Specify Location Criteria dialog box, from the Type list, click Network Connection Type.
  11. Click If the client computer does not use the network connection type specified below.
  12. In the bottom list box, select the name of the VPN client that your organization uses, and then click OK.
  13. Click OK to exit the Manage Locations dialog box.
  14. To set up the remote location for the clients logging in over a VPN, on the Clients page, select the group for which you want to add a location.
  15. On the Policies tab, under Tasks, click Add Location.
  16. In the Add Location Wizard, click Next.
  17. Type a name for the location and optionally, add a description of it, and then click Next.
  18. In the list box, click Network connection type.
  19. In the Connection Type list box, select the name of the VPN client that your organization uses, and then click Next.
  20. Click Finish.
  21. Click OK.
  22. To set up the remote location for the clients not logging on over a VPN, on the Clients page, select the group for which you want to add a location.
  23. On the Policies tab, under Tasks, click Add Location.
  24. In the Add Location Wizard, click Next.
  25. Type a name for the location, optionally add a description of it, and then click Next.
  26. In the list box, leave No specific condition, and then click Next.
    By using these settings, this location's policies, which should be the strictest and most secure, are used as the default location policies.
  27. Click Finish, and then click OK.
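The following added example (not the product's own code) models the three location conditions configured above, to show why steps 9 to 12 add the "does not use the VPN connection type" criterion to the office location. The location names, the `ExampleVPN` adapter name, and the assumption that a VPN-connected client can reach the management server are illustrative, not taken from the product.

```python
from dataclasses import dataclass

VPN_ADAPTER = "ExampleVPN"  # placeholder for the VPN client selected in steps 12 and 19
DEFAULT = "Remote (no VPN)"  # the "No specific condition" location from step 26


@dataclass(frozen=True)
class Client:
    reaches_mgmt_server: bool  # "Client can connect to management server"
    connection_type: str       # active network connection type on the client


# Each criterion is a predicate on the client state.
def reaches_mgmt(c):
    return c.reaches_mgmt_server

def uses_vpn(c):
    return c.connection_type == VPN_ADAPTER

def not_vpn(c):
    return not uses_vpn(c)


# All criteria listed for a location are combined with AND.
SCENARIO_ONE = {
    "Office": [reaches_mgmt, not_vpn],  # steps 6 and 9-12
    "Remote (VPN)": [uses_vpn],         # steps 18-19
}

# The office location as it stands after step 7, before the AND criterion is added.
WITHOUT_AND_CRITERION = {**SCENARIO_ONE, "Office": [reaches_mgmt]}


def resolve(client, locations):
    """Return every location whose criteria all hold, or the default if none do."""
    hits = [name for name, criteria in locations.items()
            if all(check(client) for check in criteria)]
    return hits or [DEFAULT]


# Constructed sample clients.
office_pc = Client(reaches_mgmt_server=True, connection_type="Ethernet")
vpn_laptop = Client(reaches_mgmt_server=True, connection_type=VPN_ADAPTER)
cafe_laptop = Client(reaches_mgmt_server=False, connection_type="Wi-Fi")

if __name__ == "__main__":
    for label, client in [("office", office_pc), ("vpn", vpn_laptop), ("cafe", cafe_laptop)]:
        print(label, resolve(client, SCENARIO_ONE), resolve(client, WITHOUT_AND_CRITERION))
```

In this model, the VPN laptop satisfies both the office and the VPN conditions when the AND criterion is missing, so it could receive the more permissive office policies; with the criterion, each client state maps to exactly one location.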