Restrict VPN access based on computer name

We have a Cisco ASA that has VPN support.  Currently it authenticates via RADIUS based on the users domain user/password.  What we would like to do is also restrict access based on computer name so that users can only connect with corporate owned comptuers.  As such these computers would be a member of "domain computers".  For example if Jill Smith has a corporate laptop, she should be able to VPN from her house using the corporate laptop, but not using her personal computer.  Additionally we would like to be able to make a couple of exceptions for certain users such as the company owner.  I don't really want to have a rule that says "owner can connect with any computer" but rather have the ASA authenticate via the Domain Computers group and a custom list someplace where the connecting computer must be a member of one of those lists.
Any help with this will be greatly appreciated.
Who is Participating?
You can get an Advanced Endpoint Assessment License that provides you with many options as to how to recognize a computer, how to recognize whether it is a corporate or personal, whether it has updated anti-virus, etc before you allow it to connect.
The base Secure Desktop Manager will give you many of these capabilities, just not as fine of control.
It only works with SSL VPN access
Using the Registry or File criteria, you can specify a registry setting that identifies the computer as a domain member, or a specific file that identifies it as a corporate owned computer.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.