Subtitles of the Movie

The next Policy Setting in the Web Resources Group is to Download. This setting allows users to download documents and Email attachments as HTML documents and then save them on their local workstation. The Email as Attachment Policy allows users to access, attach, and send Email attachments from their location on a remote server to recipients using their Web-based Email Resource without downloading the attachment to the local client device, meaning that if you have an attachment on a File Share Resource someplace, you can specify that file on the File Share Resource or on a remote website as the attachment for your Web-based Email. Web-based Email Resources are not covered in this course for the simple reason that I don't have access to a Microsoft Exchange or a Lotus Note Server. The next option is File Type Association. The file Type Association allows you to open documents, such as Word documents or Excel documents that happen to be on websites on your Presentation Server Farm servers in the hosted environment. This setting heightens security because you don't have to download the document to your local workstation to open it; you're opening it on a professionally maintained professionally virus-sweptetc. . , server that's in your Presentation Server Farm. HTML Preview is what we alluded to when we first set up the Access Gateway software. This allows you to view non-HTML documents in an html format. For example, if you have a Word document that's on a website, you can view that in your Web Browser without having to open it up in Word or without having to download it locally. The last option under Web Resources is Live Edit. Live Edit allows users to edit remote Microsoft Office documents through a Web Browser using applications installed locally on the client device, kind of like in Share Point when you select to edit a document in a SharePoint Library, it opens that document on the SharePoint Server in your local copy of Word or Excel, or whatever. This option will deny that if you have it set. We have very similar options for File Shares with the addition of this option, the Upload option, which allows users to take documents that are stored on their local PC and upload them to the File Share through the Access Server Farm. If we look at the Web-based Email Policies again you'll see all of the policies we've looked at before as well as the Email Synchronization, which only has the Access Policy. And then we have a different policy, which is the Allow Logon Policy setting. Now the Allow Logon Policy setting can be very dangerous if used incorrectly, to be quite honest, but it can also greatly enhance the security of your Access Server Farm. It takes a little bit to wrap your head around, but once you wrap your head around exactly what the Allow Logon Policy does you'll use it almost on a weekly basis when you're setting up your initial Access Server Farm. Very simply put, if the Allow Logon setting is not selected this Access Policy does not control whether users are allowed to logon. If the Allow Logon setting is included in an Access Policy, the Allow Logon setting controls whether users are allowed or denied logon privileges through the policy. For example, you can create a Logon Point, you can create one or more policies that grant Domain Admins access to resources, and then include in the policies the Logon Point that can be used to access the resources and this Allow Logon setting, and the net result of that is you've created a Logon Point that can be used only by members of the Domain Admins group to access only the resources that are defined in the policies, meaning that even if you're in the Domain Admins Group and you use a different Logon Point, for example, one that's exposed to the Internet, you may not have access to all of the same resources as you do if you use a Logon Point that's only exposed to the internal network, thereby securing your network from outside hackers potentially because even if they have those credentials, if they're coming in from the outside they can't get off on that Logon Point. So now that we've looked at all the Policy Settings we'll hit Next and we're prompted to select the Filter to apply for this policy, and you'll see that in here are our Access Filters. Again, we only have the two, but you can see that you can create multiple filters and say, for example, you can allow URL rewriting only if you're running Internet Explorer 6.0 or greater, and that's where you would set up that filter before this and apply it at this point. Again, you can create a new one here, but it's best to create that beforehand when you're not thinking about your Access Policies. You hit Next, and this is where you can select the users and or groups to apply this policy to. If you don't choose anyone in this dialog box, or you don't choose this Apply the policy to all authenticated users box in this dialog, then kind of counter-intuitively, this policy applies to no one, meaning that you've set, you've given the Engineering Group all this access and all of these policy settings, but if you don't assign it to them, then they won't get it. It doesn't know what you want it to do, and it's not going to assume. In this case we will do the same as we did before, we'll hit Add, hit Locations, fill in our Domain Credentials, choose vtctraining.com as our Domain and put Engineering as our Group. Alright, we've done this, we click Finish, and now we have the Engineering Web Resource Policy. And this concludes our discussion of Access Policies.