We apply a standard corporate image to PCs.
Our End Users do NOT have local Admin Rights to any Corporate PC, Prevents Malware and (most) unauthorized software installations.
We have many users now that do NOT return into the Corporate LAN.
We have been using SSL Extender -- but supporting the client has become difficult. It requires Admin Rights to install **and** update when a new version of CP Firewall is released. This includes the "Check Point Mobile Certificate" that the SSL client apparently needs in the user's Trusted Root Certification Store - users can not update this Cert store. Past Workaround has been modifying the text files on the gateways so that SSL VPN connection release does not try to update. I can't express the huge disruption this causes for our Help Desk staff in the past after a Gateway upgrade and all our Remote users can no longer VPN using the SSL Extender. There has to be a better way....
We found the Check Point Capsule VPN in the Microsoft Store. We have been moving Remote Clients over to it as it does not require Admin rights. I understand it is a "wrapper" for the native Windows VPN.
Unfortunately I have an IT Tech that the Capsule client has stopped working -- just times out. There appears to be nothing in the Add / Remove programs to uninstall or in any MS KB that could lead us to resolving the issue. Going back to MS Store and it detects it is already installed (just shows the "Open" button). I have entered a ticket into support -- and I am hoping that we don't get caught into finger pointing situation between Check Point and Microsoft to try to fix it.
Ideally, I'd prefer some more permanent solution where a CP VPN client can be installed / updated on any user PC without requiring Admin rights -- especially on PCs that never return inside the Corporate LAN. Suggestions welcome!