Just wondering if there is a GPO or a way to force Windows 10 to connect via a Direct Connect/VPN connection when connected to a cellular mobile/4G network. Also, disable the users' ability to disconnect the Direct Connect connection whilst connected to the mobile network/non-corp network.
The issue is that all our laptops come with a mobile SIM card that has direct public Internet access. This is not an issue whilst the user is connected via Direct Connect, but they do have the ability to disconnect this and thus give themselves full public internet access.
Something like: if the DA is not able to see the NLS server, it forces itself onto the user and does not allow the option to disconnect DA.
Any help would be appreciated.
*EDIT* Basically, we do not wish for the users to have any connectivity outside of the corp network unless it's via VPN.
So if the mobile network is connected, the VPN is forced onto the user. If the VPN fails to establish, then no connectivity to anything.
I'm thinking if you add a startup script to start the VPN connection, that might work out for ya. The next hurdle would be making it so the users can't/won't disconnect. However, forcing an always-on VPN would be bad because if the VPN is out, then they can't connect to anything. However, you'd force the users into a secure connection.
I keep hearing this recommended once a week on here.
But I have to ask, why do you think connections to your VPN are more secure than a public connection with properly set up firewall rules and locked-down group policy?
Was hoping there was more of a turnkey solution. Don't really want to use custom scripts in Task Scheduler on a tight loop. GPO preferred, but if that means an enterprise-level 3rd-party app, so be it.
The users not having any connectivity if the VPN is out is not an issue; if anything, from a security standpoint it's a plus.
For the wireless we can set it so they can only connect to corporate SSIDs, but we need to restrict their mobile/4G connectivity.
How do you deal with your users when they go out onto the public internet, download whatever they wish and end up pulling in a virus or crypto-locking their laptop?
How do you prevent that?
Is there an alternative way of restricting what users can do over mobile/cellular/4G public connections?
Have a GPO set DNS to your DNS server. Then users will not be able to get on the internet without using the VPN. The bad thing is this is only DNS, so anything that uses IP directly, such as malware.
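To make the two suggestions in this thread concrete (the startup script that dials the VPN, and the gap that a DNS-only GPO leaves for traffic sent straight to an IP address), here is an added PowerShell example. It is not code from anyone in the thread. It uses the DirectAccess-style test described above (NLS reachable means inside the corporate network), only acts when a mobile broadband adapter is up, puts the Public firewall profile into default-deny so the cellular link can reach nothing but the VPN gateway and the tunnel, and then dials the VPN. The NLS host `nls.corp.example`, the connection name `Corp VPN`, the gateway IP `203.0.113.10`, and the `PhysicalMediaType` value used to spot the cellular adapter are all assumptions to replace for your environment.

```powershell
# Added example: force cellular traffic through the corporate VPN and fail closed.
# Run as SYSTEM (GPO computer startup script or a scheduled task) so an ordinary
# user cannot undo it. All names below are placeholders, not from the thread.
$NlsHost    = 'nls.corp.example'   # assumed DirectAccess Network Location Server
$VpnName    = 'Corp VPN'           # assumed phonebook entry (IKEv2, machine certificate)
$VpnServer  = '203.0.113.10'       # assumed gateway IP; firewall RemoteAddress needs an IP, not an FQDN
$RulePrefix = 'ForceVPN'

function Test-CorpNetwork {
    # DirectAccess logic: the NLS answers on HTTPS only from inside the corporate network.
    # A TCP/443 probe approximates the HTTPS probe the DA client itself performs.
    return (Test-NetConnection -ComputerName $NlsHost -Port 443 `
                -InformationLevel Quiet -WarningAction SilentlyContinue)
}

function Get-CellularAdapter {
    # Assumption: mobile broadband adapters report PhysicalMediaType 'Wireless WAN'.
    Get-NetAdapter -Physical | Where-Object {
        $_.Status -eq 'Up' -and $_.PhysicalMediaType -eq 'Wireless WAN'
    }
}

function Enable-KillSwitch {
    # In Windows Firewall a Block rule always beats an Allow rule, so "block all on the
    # cellular interface except the gateway" cannot be expressed as a rule pair. Instead,
    # make the Public profile (where cellular and hotspot networks land) deny outbound by
    # default and allow only the gateway and the tunnel. Unlike the DNS-only GPO, this also
    # stops traffic sent directly to an IP address.
    Set-NetFirewallProfile -Profile Public -DefaultOutboundAction Block
    if (-not (Get-NetFirewallRule -DisplayName "$RulePrefix-Gateway" -ErrorAction SilentlyContinue)) {
        # IKEv2 needs UDP 500/4500 to the gateway; allowing all protocols to that one host is simpler.
        New-NetFirewallRule -DisplayName "$RulePrefix-Gateway" -Direction Outbound -Action Allow `
            -RemoteAddress $VpnServer -Profile Public | Out-Null
        # Anything already inside the tunnel rides the RAS interface and is permitted.
        New-NetFirewallRule -DisplayName "$RulePrefix-Tunnel" -Direction Outbound -Action Allow `
            -InterfaceType RemoteAccess -Profile Any | Out-Null
    }
}

function Disable-KillSwitch {
    # Administrative undo; not called automatically so the fail-closed state persists.
    Set-NetFirewallProfile -Profile Public -DefaultOutboundAction Allow
    Get-NetFirewallRule -DisplayName "$RulePrefix-*" -ErrorAction SilentlyContinue | Remove-NetFirewallRule
}

function Connect-CorpVpn {
    $conn = Get-VpnConnection -Name $VpnName -AllUserConnection -ErrorAction SilentlyContinue
    if (-not $conn) {
        # All-user entry so SYSTEM can dial it; split tunneling off = force tunnel.
        Add-VpnConnection -Name $VpnName -ServerAddress $VpnServer -TunnelType IKEv2 `
            -AuthenticationMethod MachineCertificate -AllUserConnection `
            -SplitTunneling:$false -Force
    }
    $status = (Get-VpnConnection -Name $VpnName -AllUserConnection).ConnectionStatus
    if ($status -ne 'Connected') {
        # Assumption: machine-certificate auth, so no user credentials are needed here.
        rasdial $VpnName | Out-Null
        $status = (Get-VpnConnection -Name $VpnName -AllUserConnection).ConnectionStatus
    }
    return ($status -eq 'Connected')
}

# --- Main ---
if (Test-CorpNetwork) {
    # NLS visible: inside the corporate network, nothing to enforce.
    return
}
if (-not (Get-CellularAdapter)) {
    # Not on cellular (corporate Wi-Fi is already limited by SSID policy): leave as is.
    return
}
# Lock down first, then dial. If the dial fails the user is left with no connectivity,
# which is the behaviour asked for in the thread, rather than an open 4G link.
Enable-KillSwitch
if (Connect-CorpVpn) {
    Write-Output "VPN up; cellular traffic is forced through '$VpnName'."
} else {
    Write-Output "VPN failed; cellular interface stays locked down by the firewall default-deny."
}
```

Two notes on deployment. First, if firewall profile settings are already defined in Group Policy, the local `Set-NetFirewallProfile` change will be overridden, so push the same default-deny and the two allow rules through the firewall GPO rather than the script. Second, the thread's objection to a "tight loop" in Task Scheduler can be avoided by triggering the task on the network-connected event (`Microsoft-Windows-NetworkProfile/Operational`, event ID 10000) and at startup instead of on a timer. The script removes the incentive to disconnect (a disconnected VPN yields no connectivity) but does not itself prevent the disconnect; a device tunnel configured with Always On VPN runs before logon and is not offered in the user's VPN UI, which is the closest built-in answer to that part of the question.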