rozmansi
commented
4 years ago The client should programmatically check, if:
- Automatic updates are enabled. Checking if the system is truly up-to-date would be too error prone.
- Anti-virus real-time scanning is enabled.
Both checks should be implemented querying built-in Windows Security centre.
Should any of the checks fail, client would refuse to connect to the "institute access", while still allowing "internet access".
A periodic check should be introduced to disconnect the client should security checks fail at later time.
The Activity Center in Windows reports anti-virus state & windows update states For specific VPN connections it has added value if the Windows host is up2date before the client connects. We need to discuss the details further.