Apply IPSec policy per user, not per computer


snowdog_2112

I have a Win2000 AD Domain.

I would like to apply different IPSec policies to some computers based
on the logged on user, rather than applying the IPSec policy to the
computer regardless of the logged on user.

For example:
ComputerA
Block all Internet traffic *except* some company-approved sites (i.e.,
work related) for any user, but allow an administrator on ComputerA to
access the internet.

The bogus proxy server setting in the user config will not work for me.

Is this possible using IPSec? Is there another way to achieve this?
 
Not really. IPsec is computer configuration. I suppose you could create
IPsec Group Policy logon and logoff scripts for users, but the user would
need to be a local administrator, which most of us want to avoid and which
would allow the user to undo any restrictions. Others have reported success with
tweaking bogus proxy settings; otherwise you may need to look into using a
firewall like ISA 2004 from Microsoft that can have firewall rules based on
user or group membership. There are also personal firewalls like Portslock
that can have different firewall settings based on the user logging on.
--- Steve

http://www.protect-me.com/pl/ --- info on Portslock
 
Windows does not support that usage, and, that usage is
outside the design scope for IPsec.
As Steve points out, user identity based control of access
to external sites is usually done with some type of proxying
application/server.
 