Over the last years, SEP location awareness has been admin’s friend: It enables security admins to configure different security policies that are automatically applied to computers depending on their environment.
In most cases, this is used to raise the client’s firewall, when the machine leaves the company’s protected network and connects to the internet via any kind of public hotspot.
I usually configure two locations in order to detect, whether the client is onsite (internal) of offsite (external).
The location “Internal” checks, whether the client has only private IP addresses configured and performs a NSLOOKUP to check, whether the DNS server is able to translate the SEP managers FQDN into a given IP address, which will most likely confirm, the client is in its own company’s environment:
- If all IP addresses of the client are listed below:
- 10.0.0.0; Mask: 255.0.0.0
- 172.16.0.0; Mask 255.240.0.0
- 192.168.0.0; Mask: 255.255.0.0
- 169.254.0.0; Mask: 255.255.0.0
AND Condition 2:
- DNS Lookup finds the IP address for <FQDN for SEP Manager>
- <IP for SEP Manager>
Note: the second condition does not verify, whether the SEPM is available. It is only a DNS lookup. So you don't have to worry about restarting the SEPM.
The location “External has no conditions at all, so it is active, whenever the conditions of location “Internal” are not met.
Unfortunately, there seems to be a bug in SEP 14.2. Clients using the settings shown above tend to change the location every few seconds or minutes.
After some troubleshooting, I discovered, how to circumvent that issue: In the first condition of location “Internal” I replaced the subnet entries by IP ranges and the “location flipping” ended.