I found some info on this

From: Roger (wojerclark_at_yahoo.com)
Date: 09/19/03


Date: Fri, 19 Sep 2003 10:56:38 -0700


"When clients running Microsoft® Windows® XP use 802.1X-
enabled local area network (LAN) switches or wireless
access points to access the network, authentication
occurs before the DHCP server assigns a lease, thereby
providing greater security for DHCP." - From Microsoft
article "Security information for DHCP".

There is also an 802.1x client for Windows 2000.

>-----Original Message-----
>Roger wrote:
>> 1. If a new system or laptop gets plugged into the network
>> I want the user to be authenticated before the system is
>> issued an IP address from the DHCP server.
>
>Not possible. DHCP doesn't work like that. Aside from anything else, when
>DHCP issues an address, typically, no user is logged in to be authenticated,
>and as no IP address has been issued there is no way to communicate with the
>servers handling the authentication anyway.
>
>
>> 2. Once the system is issued an address I want to make
>> sure it has virus protection and an up-to-date definition
>> before it logs in.
>>
>> 3. If the system does not have the required software I
>> want to push it down to the client.
>>
>> Can this all be done through active directory?
>
>Points 2&3 can be done *if* the system is made a member of the domain first.
>If that's a given, take a look at GPOs assigning login scripts (to silently
>install/update your AV) and GPOs assigning MSIs (to allocate software).
>
>
>--
>Rob
>Microsoft MVP
>Windows Servers and Security
>http://www.robertmoir.co.uk


