Deny access to other computers

Is there a way to deny access to people that are not added into my domain.
For example, a network with 300 computers. They are all added to my domain,
if someone then plugs themselves into my network how can i stop them from
accessing the internet and network resources?

Thanks

> Is there a way to deny access to people that are not added into my domain.
> For example, a network with 300 computers. They are all added to my domain,
> if someone then plugs themselves into my network how can i stop them from
> accessing the internet and network resources?
>
> Thanks

The best way to control plug of foreign PCs is to use 802.1x technology.
Most modern network equipment supports this.

Also you can place a firewall between your LAN and Internet, which would
require authentication from users (for example, place an ISA server).
And in your internal network you can deny anonymous access to all
resources - but this would require a lot of work.



--
With best regards
Nickolay Domukhovsky, MCSA

hi,
you can protect your servers,internet access but you cant protect all your
network(and have some speed). You can protect with IPSEC, firewall,proxy
with domain authentications. but there are some equpments wich you simple
cant protect(network printers).
802.1x it could be easy passed because there are some equipments wich dosent
suport 802.1x(printers,hubs for example) in fact the hubs are the biggest
problem of 802.1x .
--
Dragos CAMARA
MCSA Windows 2003 server


"Nick Domukhovsky" wrote:

> > Is there a way to deny access to people that are not added into my domain.
> > For example, a network with 300 computers. They are all added to my domain,
> > if someone then plugs themselves into my network how can i stop them from
> > accessing the internet and network resources?
> >
> > Thanks
>
> The best way to control plug of foreign PCs is to use 802.1x technology.
> Most modern network equipment supports this.
>
> Also you can place a firewall between your LAN and Internet, which would
> require authentication from users (for example, place an ISA server).
> And in your internal network you can deny anonymous access to all
> resources - but this would require a lot of work.
>
>
>
> --
> With best regards
> Nickolay Domukhovsky, MCSA
>

It's extremely obnoxious (however it works and provides no bandwidth
throughput), but there is a program used on the Cal Poly called Cisco
Clean Access that not only ensures that antivirus (you can specify
which antivirus program and which definition version) software is
installed, that windows is updated, etc. It also requires a logon and
password otherwise the internet and any network resources are entirely
unavailable. There is a program that was written by a Cal Poly
student that is called Freedom Key that can bypass this, but as with
anything else there are always flaws.

On Mar 23, 3:10 am, surfi2000 <surfi2...@discussions.microsoft.com>
wrote:
> Is there a way to deny access to people that are not added into my domain.
> For example, a network with 300 computers. They are all added to my domain,
> if someone then plugs themselves into my network how can i stop them from
> accessing the internet and network resources?
>
> Thanks

Is there an easy way without installing ISA server or buying new software?
For example the normal domain server recognising if the computer name is in
the domain and if not it doesn't give it an IP. I know this can be done
through the mac addresses but there are far to many computers in the network
for this to be done.

"Stephen" wrote:

> It's extremely obnoxious (however it works and provides no bandwidth
> throughput), but there is a program used on the Cal Poly called Cisco
> Clean Access that not only ensures that antivirus (you can specify
> which antivirus program and which definition version) software is
> installed, that windows is updated, etc. It also requires a logon and
> password otherwise the internet and any network resources are entirely
> unavailable. There is a program that was written by a Cal Poly
> student that is called Freedom Key that can bypass this, but as with
> anything else there are always flaws.
>
> On Mar 23, 3:10 am, surfi2000 <surfi2...@discussions.microsoft.com>
> wrote:
> > Is there a way to deny access to people that are not added into my domain.
> > For example, a network with 300 computers. They are all added to my domain,
> > if someone then plugs themselves into my network how can i stop them from
> > accessing the internet and network resources?
> >
> > Thanks
>
>
>