It depends upon the uniqueness of your Domain name, but I would never use this scan on it's own. I've blogged this here: http://www.jhouseconsulting.com/index.php/blog/2008/01/08/the-myth-surrounding-various-end-point-analysis-scans/ Simply create a Custom Filter called "Trusted", that contains the output of various EPA Scans. Then create a Connection Policy and add the "Trusted" filter to it. Therefore if the output of the EPA scan is True, they will be able to use the Secure Access Client. If it's False, then will just provide the user will access to the traditional Web Interface style interface, or whatever else you want to publish. My definition of a Fully Trusted device means... - Must be a member of your Domain. - Must have the "YourCompany_Asset" registry key as explained in the above article. - Must have the required AV installed and and minimum required pattern and program versions. - Must have the appropriate Service Pack level relevant to the OS. eg Windows XP requires SP2. - Must have the appropriate Hotfixes installed on top of the service pack. Hope that helps. Cheers. Kind regards, Jeremy Saunders Senior Technical Specialist Infrastructure Technology Services (ITS) & Cerulean Global Technology Services (GTS) IBM Australia Level 1, 1060 Hay Street West Perth WA 6005 Postal: PO Box 525, West Perth WA 6872 Visit us at http://www.ibm.com/services/au/its P: +61 8 9261 8412 F: +61 8 9261 8486 P: (Reception) +61 8 9261 8420 E-mail: M: TBA jeremy.saunders@xxxxxxxxxxx From: Saravanan Srinivasan <sarav2k@xxxxxxxxx> To: thin@xxxxxxxxxxxxx Date: 11/01/2008 06:39 AM Subject: [THIN] Re: need some help.... Try this. Configure the user to access VPN using a vpn logon point and the default page should be your WI page for apps. Create a end point scan for domain ID and a filter with this scan. Now when you create access policy for VPN use this filter. If the user is using Company pc \ laptop which has joined domain, it gives SSL vpn otherwise only the WI page. The key is the end point scan and filter depends on your checking... "Chad Schneider (IT)" <Chad.M.Schneider@xxxxxxxxxxxxx> wrote: CAG AAC What if, I wanted to configure this, so a user with a corporate laptop, can access via the SSL VPN, but if that same user connected from, say, their home PC, they would only get published apps. and such? It appears you EITHER get VPN OR the logon point info. I know I am missing a simple setting here. Chad Schneider Systems Engineer ThedaCare IT 920-735-7615 ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin ************************************************