Re: How to isolate laptops from domain until AV is current.

From: Leon Mayne [MVP] (l.rem.mayne_at_uea.ac.uk)
Date: 08/24/04 

Date: Tue, 24 Aug 2004 11:52:52 +0100

here's a good one wrote:
> Hello, I need some help! We are having a problem with
> users logging on to the domain with laptops that are
> infected. Is there a way to isolate systems until their AV
> definitions are brought current. We are using NAV
> Corporate Edition.

We've made a system whereby if an unregistered ethernet card is plugged into
the network then the dhcp server issues them an IP address from a temporary
pool which uses a separate dns server which resolves everything to one
machine. This machine has Apache on it with a 404 document that displays a
message saying they have not registered their machine, therefore when
someone plugs in their machine and tries to e.g. pick up their hotmail, they
get the message saying the need to disconnect . You could just leave it
there with instructions such as "Unplug your machine from the network and
bring your laptop to the IT support desk to have it checked and registered"
but we went a bit further and made an ActiveX scanner, so if the person's
computer is up to date, it will register them on the network. If not, it
will tell them to fix their machine first!

Relevant Pages

  • Re: Is VMS losing the Financial Sector, also?
    ... the web from the server. ... I suggested using only localhost or a private network but, ... In the Army we call that Risk Management and it can be applied to ... I was talking about business laptops that are locked down. ...
    (comp.os.vms)
  • RE: Home laptops on a corporate network
    ... Home laptops on a corporate network ... One of the advantages of using SMS for patch management is you can force ...
    (Security-Basics)
  • RE: Is VMS losing the Financial Sector, also?
    ... the web from the server. ... being used means that all IE and IIS related security patches need to be ... Don't allow them on your network. ... I was talking about business laptops that are locked down. ...
    (comp.os.vms)
  • Re: computer browser service wont start
    ... I've noticed that dnsApi is sometimes one of the things that starts early before everything it needs is actually working, e.g. the TCP/IP and network stack. ... In the situations I've seen the Event Log entry from dnsApi that you report, the computer did successfully register itself later. ... This assumes that the targetted DNS server can accept Dynamic registrations and the computer doing the dynamic registration is permitted to do so. ...
    (microsoft.public.windows.server.general)
  • Re: Unable to browse workgroup network
    ... it would be helpful to know exactly how the laptops ... Are the laptops using a wireless connection? ... did you run the Wireless Network Setup Wizard in Control ... > On the Dell PC, the one that can see both laptop, I can ping ...
    (microsoft.public.windowsxp.network_web)