Windows workgroup, unauthorised workgroup notify

Status
Not open for further replies.

3wsparky

IS-IT--Management
May 25, 2003
121
GB
I am looking for a solution/pointer to a Windows problem that we have.
I am a network admin of a large company who regularly has 3rd party suppliers on site. They are trusted but are not allowed to connect their laptops to our switches. They are also stupid.

We have an issue where, when we check our DHCP leases once a week, there are lots of unauthorised addresses handed out. Some are acceptable, from users on other domains, but not all.

I'm looking for a product that will monitor our domains "sussex & int" in the Windows workgroup section and refresh every 5 mins or so. If it finds a new workgroup, for example the default Windows one "mshome or workgroup" or another unknown unpermitted WG, then it should SMTP an alert or net send to A: the client device, telling them to unplug it, or B: my desktop, so I can wrap their cat5 around their neck!

Windows or nix solutions or howto pointers welcomed, pref. nix as I love pushing open source solutions to my network.

I don't want this handed to me on a plate, as this reads, just some guidance on where would be a good starting point.

Thanks
 
smah looks like the right tool but the exe is not available for download :eek:(

I have been talking to a friend who suggested browstat and browmon. I have had a look at these but they don't seem to have the options I require. Any more ideas?
 
Had a look at wbinfo; it doesn't seem to offer much output that was of use.

I have had a thought about net view /domain, which gives a nice simple list of workgroups,

so that is an option, if I could look at the output of this and run some form of statements on it.

------------------------------------
DLAB
HOME
INT
WORKGROUP

ie if output = DLAB then next
else do something

If this is the case then I now need to be in the scripting forum, unless anyone else has some ideas/alternatives.

Thank you for your help so far, people.
 
Here's Look@Lan if you want to give it a shot. I'll only leave it up for a few days.
 
That is a great product; sadly it doesn't seem to contain any info on domains other than the one it's in, so it's not the solution to the problem.

What I would like to do, from what I have found so far, is run a cron job with some form of a bash script that will do a net view /domain and check the output of that against what it should see. If there are more workgroups in the output then it should trigger another process: one would be to net send to my desktop; the other, if possible, which I don't think should be a problem, is to net send the device in question to inform them that they may be breaking the IS policy. My understanding of net send is that you have to be on the same domain, but I believe with the Linux alternative you specify the domain name you want to send to.

 
As far as I recall, LAL scans IP ranges, regardless of domain. After each scan, it will pop-up any new systems found within the specified IP range(s). If the rogue systems connect to your network, they'll be picking up an IP address from your DHCP range.

Regardless, I wouldn't rely on using net send to send a notice to the rogue system for several reasons - it's turned off on many systems, some don't even support it, any local software firewall can block it, etc.
 
I support a network with over 5000 clients across multiple subnets, so IP sweeps are not an option. Agreed, net send is not a great way to inform a rogue machine; that was more of an added addition without much more effort. The net send to my PC is the important one, so I can see where this device lies, or of course some form of SNMP agent would do that better, but as I can't get over the first problem I might have to look at other options.

Many thanks
Terry
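
The check discussed in the thread (compare the net view /domain listing with the workgroups that should be there), as an added example that is not part of any post. The function name, the allowlist SUSSEX/INT/DLAB and the sample listing are assumptions; the sample is constructed from the names quoted above in the layout net view /domain prints.

```shell
#!/bin/sh
# Added example (not from the thread): flag workgroups missing from an allowlist.

# Constructed sample in "net view /domain" layout, using the names from the thread.
SAMPLE_LISTING='Domain
-------------------------------------------------------
DLAB
HOME
INT
WORKGROUP
The command completed successfully.'

# Usage: <listing on stdin> | unauthorised_workgroups ALLOWED_NAME...
# Prints each listed name that is not allowed, one per line.
# Returns 2 if no dashed separator was seen, so a failed or empty listing
# is reported as an error instead of passing as "nothing new".
unauthorised_workgroups() {
    in_list=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop CR, trim surrounding whitespace, compare case-insensitively.
        name=$(printf '%s' "$line" | tr -d '\r' |
               sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | tr '[:lower:]' '[:upper:]')
        case "$name" in
            '') continue ;;                     # blank line
            ---*) in_list=1; continue ;;        # separator: names start after it
            'THE COMMAND COMPLETED'*) break ;;  # trailer: stop reading names
        esac
        if [ "$in_list" -eq 1 ]; then
            known=0
            for allowed in "$@"; do
                if [ "$name" = "$(printf '%s' "$allowed" | tr '[:lower:]' '[:upper:]')" ]; then
                    known=1
                fi
            done
            if [ "$known" -eq 0 ]; then printf '%s\n' "$name"; fi
        fi
    done
    if [ "$in_list" -eq 1 ]; then return 0; else return 2; fi
}

# Demo on the sample; treating SUSSEX, INT and DLAB as permitted is an assumption.
demo() { printf '%s\n' "$SAMPLE_LISTING" | unauthorised_workgroups SUSSEX INT DLAB; }
demo
```

Run from cron with the real listing piped in, any output is mailed to the job's MAILTO address, which covers the alert to the admin without relying on net send.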
 