Restrict unauthorized computers from accessing network

Guest

We have a large network running 2003 server and XP clients. Is there a way
to stop users from bringing in personal computers/notebooks and plugging them
in to the network? I know we can't PHYSICALLY stop them, but is there
something we can do to restrict their access to network resources? This
could apply to users that may or may not have a valid account. Is there
something in group policy that we could use or something related to computers
having to be joined to the domain? Thanks.....
 
Steven L Umbach

How about a computer use policy that restricts doing that, where the user
signs a copy to keep in their file, has a copy for themselves, copies are
posted in prominent places, and there are stated and enforced consequences?
Usually the message gets across after the first abuser is suspended for a
week and is told they will be fired the next time. If the users are not paid
employees you may need to come up with other consequences.

Having said that, technical solutions could be to use managed switches that
do MAC filtering, as many do, where if the MAC address is not in the allowed
list that network adapter is not allowed access to the network or to a
particular port. Usually the switch has a memorize mode so that you get it
to add the currently connected computers to the authorized list to make
managing such a list easier. 802.1X for wired networks is another
possibility to require computer authentication via certificates before
access to a port is allowed, but it requires a PKI infrastructure and 802.1X
capable clients and switches. You can also use IPsec to prevent non-domain
computers from accessing domain computers that have an IPsec require policy,
other than domain controllers. Microsoft has a white paper on using IPsec
for domain isolation as shown in the link below. --- Steve

http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/default.mspx
http://support.microsoft.com/?kbid=254949 --- critical information about
implementing ipsec in an Active Directory Domain
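
The switch-side MAC filtering with a "memorize mode" described in the reply above, sketched as an added example that is not part of the original post. It assumes a Cisco IOS-style managed switch (the thread names no vendor) and a hypothetical access port `FastEthernet0/1`; other vendors use different syntax for the same feature.

```cisco
! Added example: port security on one user-facing access port.
! Interface name and description are hypothetical.
interface FastEthernet0/1
 description User access port (hypothetical)
 switchport mode access
 ! Turn on MAC filtering for this port
 switchport port-security
 ! Allow a single learned address, so a second device behind the
 ! same wall jack (or a swapped-in notebook) is rejected
 switchport port-security maximum 1
 ! "Memorize mode": learn the adapter that is connected now and
 ! write it into the running configuration as the allowed address
 switchport port-security mac-address sticky
 ! Drop frames from any other MAC, count and log the violation,
 ! but leave the port up for the authorized adapter
 switchport port-security violation restrict
end
! Save the learned addresses so the allowed list survives a reload
copy running-config startup-config
! Review the learned addresses and the per-port violation counters
show port-security address
show port-security interface FastEthernet0/1
```

Using `violation shutdown` instead of `restrict` disables the port on the first unknown MAC, which makes violations more visible at the cost of a manual re-enable.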
 
