Script to stop/shutdown pc not in domain getting ip addy

Status
Not open for further replies.

Virtualuser

Technical User
Aug 7, 2002
19
GB
I have trouble with some offshore engineers coming into my building with their own "home laptops" and plugging a network cable in them. With XP it generally lets you get on the net etc, and poses a security problem.

Is there a script or something that I could get/ attempt to write, that could (for want of a better description) detect a pc that is not in the company domain, and warn and then shut it down?

Hope I've explained it well enough for everyone.

Happy New Year to all Tek-tips posters by the way.

Aye Ready....well, maybe ;)
 
Virtualuser,
i would think that if they were not authenticated to the domain there would be no resources for them to utilize. are you running AD? do you have a proxy server set up?
regards,
longhair
 
No there isn't a proxy. If someone sits at a desk with their own laptop and plugs a network cable into it they get access to the internet.

I would assume if they had the knowledge they could also try and get access to other things ON the network. Lastly they're bound to have a virus or 2.

Yes AD is running.

Aye Ready....well, maybe ;)
 
Virtualuser,
i would take a look at how you hand out your ip addresses. like i said, if you don't authenticate to the AD you should not be able to get out (in or anywhere else for that matter). take a look at what the guest group has access to.
look into getting some software (websense or such).
regards,
longhair
 
The MD's not keen on "Nanny" type software, likes to treat everyone as "adults".

So what checks the authentication? If I know that then I'm half way there (sort of)!!

Cheers for your help Longhair.

Aye Ready....well, maybe ;)
 
Virtualuser,
websense is not really 'nanny' sw. it can be, but can also be used to only allow people out at certain times, or not allow certain people out. may be pricy though.
i would start out by seeing how they are logging in. see if you can see when they login, what user name? are they logging into the machine locally or the domain?
in AD / DHCP server you should be able to set it so if no authentication then pass a bogus ip range or bogus default gateway etc.
take a look at the w2k server forum here:
regards,
longhair
 
you won't be able to shut their machine down remotely unless they have an old OS, something like XP should prevent you from doing as you don't have rights to their machine, well i would so anyway :)

can you do something with ipaddresses? i heard about new tcpip security stuff doing the rounds? if you prevent them from getting an ipaddress then bang goes their fun.

other than that as has already been pointed out all your network resources should require some sort of authentication to be used... AD, NT4, Novell etc etc etc
 
Don't know if this holds any water but... I read an article recently for "small library" networks.

The suggestion was: if you have a small enough network, you should make all the workstations' IPs static instead of dynamic and shut off DHCP to restrict access.

Again, I don't know if this is true or how "small" they were thinking was small.

If you want, just respond back and I'll track down the magazine.

--MiggyD

--> It's a bird! It's a plane! No, it's an OS update patch! Ahh!! <--
 
longhair, AD is independent of the router/gateway, unless you're using MS ISA or ICS as your router. Any machine that gets plugged into the network will be given an IP and subsequently have internet access.
My thought is to set up an ISA server as a proxy to the existing router, and then set up a rule to disallow outside access to any computer not associated with an AD account.
But that would probably take a bit to set up.

This is the wrong forum for this question really, as there is no way you can make a VBScript run on a rogue computer you don't have admin access to.
 
I believe you can do this sort of thing from your network switches. I cannot remember what it is called which is useful (sorry), but I think it works on the following principle:

Your switches contain a manually inserted list of all of the MAC addresses of allowed PCs. If a rogue PC attaches itself to the network and is not in this list, the switch will not allow the PC access to the network.

Sorry I cannot be more specific.

-----------------------------------------------------
"It's true, it's damn true!"
-----------------------------------------------------
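The allowlist principle described in the post above can also be run as an audit from the admin side. This is an added example, not part of the original thread: the MAC values, the three-column table layout and the function names are constructed for illustration and do not reproduce any vendor's exact output.

```python
import re

# Constructed allowlist of company-owned NICs (hypothetical values),
# deliberately written in the three common MAC notations.
ALLOWED = {"00:11:22:33:44:55", "00-11-22-AA-BB-CC", "0011.22dd.eeff"}

# Constructed sample of a switch MAC-address table export: vlan, mac, port.
SAMPLE_TABLE = """\
1  0011.2233.4455  Fa0/1
1  0011.22aa.bbcc  Fa0/2
1  0090.f5de.ad01  Fa0/7
1  not-a-mac       Fa0/9
1  0011.22DD.EEFF  Fa0/3
"""


def normalize_mac(text):
    """Return the MAC as 12 lowercase hex digits, or None if it is not one."""
    digits = re.sub(r"[.:\-]", "", text.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def find_rogue_ports(table, allowed):
    """Return sorted (port, mac) pairs whose MAC is not on the allowlist."""
    allow = {normalize_mac(m) for m in allowed}
    allow.discard(None)  # ignore malformed allowlist entries
    rogue = []
    for line in table.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip headers and blank lines
        _vlan, mac, port = fields
        norm = normalize_mac(mac)
        if norm is None:
            rogue.append((port, mac))  # unparseable entry: flag, do not trust
        elif norm not in allow:
            rogue.append((port, norm))
    return sorted(rogue)


if __name__ == "__main__":
    for port, mac in find_rogue_ports(SAMPLE_TABLE, ALLOWED):
        print(f"unlisted device on {port}: {mac}")
```

A MAC address is a value the attached machine reports about itself, so a match here is an inventory hit rather than authentication of the device.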
 
Cheers Everyone

I'll have a look through the switches, TheLad.

I'll let you know what I find.

Aye Ready....well, maybe ;)
 