Re: how to restrict dhcp to authenticate domain users ?
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 12/10/04
- In reply to: lmpbas: "how to restrict dhcp to authenticate domain users ?"
Date: Thu, 9 Dec 2004 17:41:35 -0700
The real problem here is that you have a catch-22: before the
machine has an IP you really cannot tell much about what it is
or what account is in use on it.
One solution that has not been mentioned is use of a quarantine
vlan, to which the dhcp clients have initial access. If subsequent
tests are passed, they are then allowed out, and one of these tests
would be that the machine is domain joined or also that machine
local accounts are not available for local login, only domain accts.
Now, if someone can walk into the building lobby and plug in,
and the network is not switched, then the only controls in the
network are MAC based, then they will walk around you sooner
or later, given some time or determination. So, to make a solution
really sound, you need something like 802.1x, and then gate access
with the quarantine vlan.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA

"lmpbas" <lmpbas@yahoo.com> wrote in message
news:OBd3%23sg3EHA.3336@TK2MSFTNGP11.phx.gbl...
> We are having a problem with people bringing their laptops into the LAN. They
> are unable to access the resources but they are able to surf.
> How to restrict dhcp to authenticate domain users ?
> Any ideas ?
>
> Thanks
> lm
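
The admission flow described in the reply above, sketched as an added example that is not part of the original post: 802.1X decides whether a port opens at all, and posture tests run from the quarantine VLAN decide whether it is moved out. The VLAN numbers, the class and function names, and the reading that both posture tests must pass are assumptions; the tunnel attribute values are the ones RFC 3580 defines for RADIUS VLAN assignment.

```python
from dataclasses import dataclass

# Constructed VLAN ids for illustration; not taken from the post.
QUARANTINE_VLAN = 900
PRODUCTION_VLAN = 10


@dataclass
class Port:
    """State of one switch port as seen by the (hypothetical) policy server."""
    dot1x_authenticated: bool            # 802.1X/EAP exchange succeeded
    domain_joined: bool = False          # posture test run while in quarantine
    local_logon_disabled: bool = False   # posture test: only domain accounts can log on
    mac: str = ""                        # kept for logging only, never a decision input


def admit(port):
    """Return the VLAN id for the port, or None to keep the port closed."""
    if not port.dot1x_authenticated:
        return None                      # no credentials: no link-layer access, so no DHCP
    if port.domain_joined and port.local_logon_disabled:
        return PRODUCTION_VLAN           # all posture tests passed: let it out
    return QUARANTINE_VLAN               # authenticated but untested or failing


def radius_vlan_attributes(vlan_id):
    """RFC 3580 attributes a RADIUS server sends so the switch assigns a VLAN."""
    return {
        "Tunnel-Type": 13,               # VLAN
        "Tunnel-Medium-Type": 6,         # IEEE-802
        "Tunnel-Private-Group-ID": str(vlan_id),
    }


def decide(port):
    """Map a port's state to a RADIUS reply: (packet type, attributes)."""
    vlan = admit(port)
    if vlan is None:
        return ("Access-Reject", {})
    return ("Access-Accept", radius_vlan_attributes(vlan))


if __name__ == "__main__":
    # Constructed sample ports: a visitor laptop with a copied MAC,
    # a freshly connected domain machine, and one that passed its tests.
    for p in (Port(False, mac="00:11:22:33:44:55"),
              Port(True),
              Port(True, domain_joined=True, local_logon_disabled=True)):
        print(p, "->", decide(p))
```

Because the MAC address never enters `admit`, a device presenting a known MAC without 802.1X credentials is still rejected.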