Prevent Domain Login

[Zane]

I have Windows 2000 AD - native and would like to prevent ANY computer from
using network resources such as Internet or domain access - HOW would I do
it?

I know I can restrict via:

(1) IP - I can hardcode - too much Administration - NO good
(2) PKI - machine certificates (I have an idea, but not sure)
(3) ISA Server - (not sure how to either)
(4) Third party app (NOT an option - must be MS inherent capabilities)

Again, the goal is, if they do not have certain criteria (domain based
machine - example) - they can not use network/domain resources.


You guys have the step-by-step or options? Thanks.

 

[Simon Geary]

No extra tools are necessary to prevent non-domain machines accessing domain
resources, this is an inherent capability of Active Directory, to grant or
deny access to domain resources based on domain membership. e.g. a machine
that is not a member of the domain will not be able to log on to the domain
or access a file share unless the user had a domain account and password.

Restricting access to a non-domain resource like the Internet is normally
accomplished with a Firewall, e.g. ISA Server.

PKI can be a very powerful and flexible tool when it comes to granting
access to resources but is a major undertaking to implement and not really
necessary by the sound of it.

 

[Zane]

Maybe, I did not ask correctly - WHAT in AD can allow me to do this withut
additional tools - what GPO? Thx