Stop non-authorised computers from accessing domain 1

Status
Not open for further replies.

sanjit

Technical User
Mar 5, 2002
KE
Hello All,

I need to stop users having valid accounts bringing in their own laptops running Windows 2000, 95, 98 and NT 4.0 from logging onto and using our Windows 2000 mixed mode domain services unless we authorise them to.

Please assist, noting that I need to be able to use computers running the same operating systems to use the domain.

Can I restrict computers so that only ones with valid computer account names are allowed to log in?
Thanks,
sanjit.
 
Windows 2000 and NT need a computer account for the computer to join the domain. Therefore, make sure the end users don't have the ability to create computer accounts in the domain. By doing this, you will stop 2K and NT machines that aren't your build from joining the domain.

I don't think there is much you can do to prevent 9x machines from logging into your network.

You could probably write a logon script to alert you if someone is trying to log on to the domain with an UNKNOWN computer name. But this would be hard to manage in a big environment.

-hope this helps.
Joseph L. Poandl
MCSE 2000


The only way I can think of is through the DHCP server... You could bind DHCP-issued IP addresses to the MAC addresses (NIC) on the office machines. Then only those machines have that IP address. You will need to restrict server access to only the DHCP scope defined. You will probably need to set up some routing to drop packets from other IPs. Don't know if this is the perfect solution, but just one that comes to mind.

Good Luck.



 
I agree with teknocrat, it's the best solution to predefine all the MAC addresses that you do want to allow access to the domain. This automatically excludes all the other NICs from obtaining an IP address when they log in.

grtz
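One way to act on the two ideas in the replies above (a logon script that reports unknown computer names, and tying office machines to known MAC addresses), as an added example that is not from any of the posters. It assumes the logon script appends one `timestamp,user,computer name,MAC` record per logon to a central file; that record layout, the inventory, and every sample name and address are constructed.

```python
import csv
import io
import re

# Constructed inventory of authorised machines: computer name -> NIC MAC address.
AUTHORISED = {
    "WS-ACCT-01": "00-50-56-AA-10-01",
    "WS-ACCT-02": "00-50-56-AA-10-02",
}

# Constructed sample of what a logon script could append to a central file:
# timestamp,user,computer name,MAC (this record layout is an assumption).
SAMPLE_LOG = """\
2002-03-05 08:14:02,jsmith,WS-ACCT-01,00-50-56-AA-10-01
2002-03-05 08:20:45,mkamau,ws-acct-02,00:50:56:aa:10:02
2002-03-05 08:31:10,jsmith,HOME-LAPTOP,00-A0-C9-12-34-56
2002-03-05 09:02:37,pwanjiru,WS-ACCT-01,00-A0-C9-77-88-99
2002-03-05 09:15:00,mkamau,,00-50-56-AA-10-02
"""

def norm_mac(mac):
    """Reduce a MAC to 12 upper-case hex digits, or None if malformed."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    return digits.upper() if len(digits) == 12 else None

def audit_logons(log_text, authorised):
    """Return (timestamp, user, computer, reason) for every suspicious logon."""
    by_name = {n.upper(): norm_mac(m) for n, m in authorised.items()}
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            findings.append(("?", "?", "?", "malformed record"))
            continue
        stamp, user, computer, mac = (field.strip() for field in row)
        name = computer.upper()  # NetBIOS names are case-insensitive
        if not name:
            reason = "no computer name reported"
        elif name not in by_name:
            reason = "unknown computer name"
        elif norm_mac(mac) != by_name[name]:
            reason = "known name, unexpected MAC"
        else:
            continue  # name and MAC both match the inventory
        findings.append((stamp, user, computer or "-", reason))
    return findings

if __name__ == "__main__":
    for finding in audit_logons(SAMPLE_LOG, AUTHORISED):
        print(" | ".join(finding))
```

Both the computer name and the MAC are reported by the client itself, so a match here is an inventory check, not proof of the machine's identity.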

 