We are running a small Citrix Farm with 80 Windows Terminal Device CALs.
We have 40 remote WBTs accessing the Farm via Web Interface for MetaFrame XP.
We have 25 remote Windows XP Pro workstations accessing the Farm via Web Interface for Windows XP.
We have 5 laptop Windows XP Pro road warriors accessing the Farm via Web Interface for Windows XP.
Quick math says that should leave us 10 CALs for emergencies and growth.
Not the case. All the CALs are gone and we have a ton of Temp CALs lurking around.
What is happening is that people in our WBT facilities who are authorized to access via their terminal are going home and accessing the farm from their PC's grabbing extra CALs.
These machines are all remote so we can't implement any kind of group policies or procedures. The "bad guys" are using home PC's which we have absolutely no control over. We have a written company policy that this shouldn't be done but... they do it anyway.
Is there any way we can prevent access from those "authorized" home users? I would prefer not to use IP filtering as we have people who travel in hotels and will have random IPs they access from.