Cryptzone Support


Allow password change & gp-update through AppGate SDP

Article Number: 000002425
If users are off the LAN, Windows cannot talk to the Domain Controller. This happens when you work from somewhere other than the office, for example when travelling or working from home. With the right entitlements in place, Windows users can change their password even remotely (if the context allows), and you can push group policy updates to the machine.

The DNS servers must be covered by an entitlement; usually this has already been done. Make sure that entitlement is available to these users (check the filter/policy):

ALLOW TCP up 53 DNS1, DNS2, DNSn
ALLOW UDP up 53 DNS1, DNS2, DNSn



Add the following to an entitlement so that the Windows client machine and the Domain Controller can talk to each other:

ALLOW TCP up 88,135,139,445,464,474,636,3268,3269,5200,5201,5722 DC1, DC2, DCn
ALLOW tcp down 88,135,139,445,464,474,636,3268,3269,5200,5201,5722 DC1, DC2, DCn
ALLOW udp up 88,123,137,138,139,389,474
ALLOW udp down 88,123,137,138,139,389,474
ALLOW icmp up 0-255 DC1, DC2, DCn



Now that the entitlement is in place, you might need to adjust your filter/policy to use it. The entitlement is picked up when the tokens are renewed, which happens when the tokens expire, when the admin revokes the user, or when the user logs in and out again.
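To confirm from a remote client that the entitlement is actually in effect after token renewal, the following PowerShell check can be run on the Windows machine. It is an added example, not part of the original article or of AppGate; the host names are placeholders and the helper `Test-TcpPort` is hypothetical. It covers only the TCP rules, since UDP reachability cannot be verified with a simple connect.

```powershell
# Added example: TCP reachability check for the DC entitlement, run on the remote client.
# Assumption: replace the placeholder names with the DCs listed in your entitlement.
$DomainControllers = @('dc1.example.internal', 'dc2.example.internal')   # placeholders
# TCP ports copied from the "ALLOW TCP up" rule in this article
$TcpPorts  = 88,135,139,445,464,474,636,3268,3269,5200,5201,5722
$TimeoutMs = 2000

function Test-TcpPort {   # hypothetical helper: $true if a TCP connect succeeds in time
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        # Wait() returns $false on timeout; a refused connection throws
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($dc in $DomainControllers) {
    # Name resolution depends on the DNS entitlement, so test it first
    try { $null = Resolve-DnsName -Name $dc -ErrorAction Stop }
    catch { Write-Warning "DNS lookup failed for $dc; check the DNS entitlement"; continue }
    foreach ($port in $TcpPorts) {
        [pscustomobject]@{
            DomainController = $dc
            Port             = $port
            Reachable        = Test-TcpPort -HostName $dc -Port $port -TimeoutMs $TimeoutMs
        }
    }
}
$results | Format-Table -AutoSize

# A failed test can also mean the service is not listening on that DC
# (for example 3268/3269 answer only on Global Catalog servers).
$closed = @($results | Where-Object { -not $_.Reachable })
if ($closed.Count -gt 0) { Write-Warning "$($closed.Count) port test(s) failed; review the table above" }

# End-to-end checks: locate a DC for the user's domain, then refresh group policy
nltest "/dsgetdc:$($env:USERDNSDOMAIN)"
gpupdate /force
```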