Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Blocking non domain users access to internet

Status
Not open for further replies.
dgallegos

dgallegos

MIS
Aug 22, 2003
28
US
I need to be able to block anyone who brings there personal laptop into the office from the internet. i dont think that Microsoft DHCP can stop this and i know that isa does but the company cant afford the software is there a way to setup the scope so that only computer names already on the domain have access and that no one with external personal notebooks have no access.

TIA
 
Sort by date Sort by votes
MS DHCP can be configured manually to only give out DHCP addresses to pre-defined MAC addresses. This would help your problem....but would take you tons of time configuring each MAC addresses for your DHCP scopes.

The only other way, I can think of is to install a FIREWALL or proxy server.



Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact (Sales@njcomputernetworks.com)
 
Upvote 0 Downvote
How about a written security policy the prohibits the use of personal devices on your network. Outside devices on your wire is a disaster waiting to happen.

With that said... Jpoandl's suggestion is the best way. MAC address filtering. This can also be done on most managed switches. So if a non-business MAC address attempts to get on the wire, the port that the jack is attached to will block all traffic. We have used this and it really raises the blood pressure of the offending users.

just some thoughts

scottie
 
Upvote 0 Downvote
hey guys, I am having the same problem, some of my users are bringing their personal laptops into work and surfing... I to do not have the money to install ISA but I do however have a firewall.

What would be the best way for me to stop any machine that is not a member of the local domain getting an IP address?
(I feel that getting the DHCP scope to only allow certain MAC Addresses will create to much maintenance... is there anything else?).

Thanks in advance

Mswilson
 
Upvote 0 Downvote
You could give all your PCs static IPs and setup DHCP to only give out a small range so the laptops would be given a dhcp address from the server. Now configure your hardware firewall to deny http traffic from the lan to the wan for that small IP range. Depends how big your company is though.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
351
goombawaho
goombawaho
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
122
hairlessupportmonkey
hairlessupportmonkey
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
197
mangentle
mangentle
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
133
ADB100
ADB100
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
190
DTGMI
DTGMI

Part and Inventory Search

Sponsor

Back
Top