Re: Windows 2003 server Network Security
- From: "Shenan Stanley" <newshelper@xxxxxxxxx>
- Date: Fri, 23 Dec 2005 15:12:34 -0600
Larry Bird wrote:
> I want to lock down my network from PCs for Laptops outside the company.
> Basically I do not want anyone to be able to plug in his or her laptop
> computer via an RJ45 connection and have any access to resources without
> signing in with a valid userid and password. I don't want them to have a
> DHCP IP address to surf the Internet unless authorized via their userid
> and
> password.
>
> Where do I start to implement these restrictions?
Your DHCP server should be configured to give out IPs based off something
you control - or you should not give out DHCP addresses.. One or the other
would be the quickest.
You could look into 802.1x authentication in your AD environment - that is
an option as well - since you mentioned you wanted them to have some sort of
authentication first.
The most effective - by far - however, would be the limiting by MAC
addresses.. A little more management-centric - in that you have to know
every MAC address of every machine that should be able to get an IP from
your DHCP server. Not in that list - then they (for the most part - unless
they are hackers with a purpose) have to come to you to get that MAC address
added to allow them to get a DHCP IP address.
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
.
- Prev by Date: Re: Spyware method of infection? And is it still present?
- Next by Date: Re: Windows 2003 server Network Security
- Previous by thread: Re: Service running as Local system account Unable to map drive on ano
- Next by thread: Re: Windows 2003 server Network Security
- Index(es):
Relevant Pages
|
