Re: restricting certain machines.

From: Steven L Umbach (sumbach_at_ameritech.net)
Date: 06/26/03


Date: Thu, 26 Jun 2003 15:38:11 GMT


     You can use dhcp reservations so that the dhcp server only issues ip
addresses to machines that have approved mac addresses, but that will not
prevent some people from using manual tcp/ip configuration to access the
network. I believe there are switches that can control access by mac tables
and maybe even certificates, though I do not know what they cost. Your other
options include static addresses on your machines and then configure a
firewall or firewalls - hardware or personal to control access to the domain
controller and/or the internet. I know that even some of the cheap cable/dsl
routers can control access to the internet by internal tcp/ip address.
Possibly ipsec filtering of domain computers [as a basic firewall configured
via group policy, be sure to move machines from default OU] or ipsec
authentication [AH header policy could be created, though there are issues
with a require policy on domain controllers] could accomplish control to
domain controller if all your computers are W2K or XP Pro. I think you and
others with similar problems should look into creating a strict signed
computer user policy with consequences and enforce it. A user putting an
unauthorized computer on your network puts your whole network at risk for
virus infection and compromise of data
availability/integrity/confidentiality. --- Steve

http://securityadmin.info/faq.htm#harden
http://securityadmin.info/faq.htm#firewall

"namich" <tech@saba.edu> wrote in message
news:001901c33bf5$ad177d90$a301280a@phx.gbl...
> I run a small lan on a win2K platform. Lately I have been
> observing a number of unauthorised machines on my
> network. What I think is happening is most employees are
> connecting their personal laptops to the network.
>
> Is there a way I could configure my domain controller, or
> my dhcp server (not the same as my domain controller) to
> deny access of network or internet resources to these
> rogue machines?
>
> Thanx
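
An added example, not part of the original posts: the reply notes that DHCP reservations do not stop a machine with a manually configured address, so this sketch audits Windows `arp -a` output against the approved MAC list and reports whether each unapproved host holds a DHCP lease. The MAC list, leased addresses, ARP output and function names are all constructed for illustration.

```python
import re

# Constructed sample data; substitute your reservation list, lease list and arp output.
APPROVED_MACS = {"00-0C-29-AA-10-01", "00:0c:29:aa:10:02"}
DHCP_LEASED_IPS = {"10.40.1.20", "10.40.1.21"}
ARP_OUTPUT = """
Interface: 10.40.1.1 --- 0x2
  Internet Address      Physical Address      Type
  10.40.1.20            00-0c-29-aa-10-01     dynamic
  10.40.1.21            00-0c-29-aa-10-02     dynamic
  10.40.1.77            00-11-22-33-44-55     dynamic
  10.40.1.255           ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+\w+"
)

def normalize_mac(mac):
    """Lower-case hex without separators, so 00-0C-.. and 00:0c:.. compare equal."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_arp(text):
    """Yield (ip, mac) for host entries in Windows `arp -a` output."""
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        ip, mac = m.group(1), normalize_mac(m.group(2))
        if int(mac[:2], 16) & 1:
            continue  # group bit set: broadcast or multicast, not a machine
        yield ip, mac

def find_unapproved(arp_text, approved, leased_ips):
    """Return (ip, mac, source) for every host whose MAC is not approved."""
    approved_norm = {normalize_mac(m) for m in approved}
    findings = []
    for ip, mac in parse_arp(arp_text):
        if mac in approved_norm:
            continue
        # No lease for this IP means the address was set by hand on the machine.
        source = "dhcp lease" if ip in leased_ips else "manual address"
        findings.append((ip, mac, source))
    return findings

if __name__ == "__main__":
    for ip, mac, source in find_unapproved(ARP_OUTPUT, APPROVED_MACS, DHCP_LEASED_IPS):
        print(f"UNAPPROVED {ip} {mac} ({source})")
```

The ARP cache only lists hosts the machine has recently exchanged traffic with, so collect the output on the gateway or domain controller, where most clients will appear.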


