prevent unauthorized laptops from using a network

A

Arnold

I am sorry, but I am new to windows2000, I've been using Linux for last
couple of years. Brought in to help client with their unix envoiroment, they
asked me if I could do this too.

How do I prevent unauthorized laptops from using a network that uses
DHCP for dynamic addressing? I do not want users coming in with laptops from
home (because they don't like thier Gateway desktops) and plug into any port
and get an IP address and be able to logon to my network.

I run Win2000 Server
I have WinXP& Win2000 pro for desktops.

Thank you
Arnold
 
C

Curtis Clay III [MSFT]

Hello Arnold,
At present there is no option to do this within Windows.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
M

Matt Pasquale

Arnold,

I haven't a clue how to approach this from a server standpoint, but some
switches have security settings you can enable. My Cisco switches, for
example, have a port-level security setting that allows them to lock down a
particular port based on MAC addresses. This certainly isn't foolproof,
though, since many network cards allow you to change their MAC addresses.

matt

(remove all uppercase letters from my email address to reply)
 
S

Steven L Umbach

Other than control at the switch level, if you are using a W2K domain you could
implement ipsec with a "require" policy. The result is that non domain computers
would not be able to access those computers with a require ipsec policy due to the
fact that kerberos machine authentication would fail. You would have to make sure
that you disable the ability for authenticated users to add workstations to the
domain however of which they can do ten times by default. Also there is a limitation
with domain controllers in that from what I know currently will not work with a
require policy and other domain members that will require a separate rule to exempt
ipsec traffic between them and domain memberrs.. You could configure ipsec to use AH
only to reduce the overhead of ESP encryption. This will not prevent them from
getting a dhcp ip address which in itself has limited security value as a user could
simply configure their computer with static ip info to access the network. Also
consider a strict user policy with defined consequences and check with the powers
that be that it will be enforced. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
http://support.microsoft.com/default.aspx?scid=kb;EN-US;254949
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

prevent unauthorized laptops from using a network 3
File sharing on a home network. 5
Accessing Outlook from network computers 2
Help before I trash 2000 3
how to prevent unauthorized machine from receiving DHCP 3
Restrict client DHCP Leases 2
Restrict DHCP Leases 1
Restrict Router Use 5

Top