vpn quarantine for remote clients

[zenxen]

Hello,
I need some help, I would like to create a solution like in subject, what software do you suggest, it can be also a virtual machine. I would like to check system, antywirus, firewall whether they are updated and fresh.

 

[JimF_35]

What operating systems will the Servers and Clients be running? If Windows do you have a Windows Domain setup?

 

[zenxen]

I have VPN server based on Windows 2012, clients who connect to are various, win7,8,10, they connect from outside so they are not in domain. I'd like check their computers health and if they fulfill my requirements they will get access to network, if not there should be information to update computer and try again connect to.

 

[JimF_35]

If these computers are not a member of the domain, I am not sure how you are going to control the ACLs to your files unless you are using the Everyone ACL or make a VPN ACL for your files but that aside if they were joined to the domain you could do what you are trying through Group Policies...

https://technet.microsoft.com/en-us/library/cc728209(v=ws.10).aspx

Otherwise I think you can use NAP...

https://msdn.microsoft.com/en-us/library/cc754378.aspx

how to configure...

http://blogs.technet.com/b/scd-odtsp/archive/2013/05/14/microsoft-network-access-protection-simple-setup.aspx

Under the Computer Health Policy you can set these requirements that you are looking for.

 

[zenxen]

I will try explain what I want to achive, user connects to company network through VPN server which is some kind of gateway server, in this place user's computer should be checked whether is health or not, if yes, user get access to other server where can log on to the network and resources, if not there should be information, update computer and try again.
I'll check this NAP and maybe this will be something what I need.

 

[Alabalcho]

How you (from server side) are going to check remote computer health, if these computers are not part of the domain?

 

[zenxen]

I don't know yet and I try to find such solution. Cisco has something like Host Scan Image, but this feature is too expensive and I am looking for something let say cheap.