Scripts for users on different subnet

Hello.. Sorry if this appears to be in the wrong group, but I thought I
would try here first.. We have users which are on a different subnet, are
members of our domain (W2k3) but don't directly log into our domain; they use
our Exchange server (2k3) for e-mail, etc. and authenticate this way to get
their e-mails. So all the authentication is done via Outlook (NTLM) to get
e-mail.

The place I work for is looking for a way to run a script, like a logon
script, on the machines to ensure they're running the latest AV defs, etc.
since they are coming onto our network to get e-mail and such.

Anyone know of a way to setup something like Network Access Quarentine
Control (NAQC) for them WITHOUT having them do it via RAS? Currently,
they're just being routed in to get access to the exchange server.

Greetings,

If the workstations are not logging into the domain there is no way to pass
down rules and policies, and without that function the ability to force an
application (script). If the users are only connecting to the Exchange
server and have no other access to your network then you might want to
consider investing in a Exchange Level antivirus product. This will ensure
that no users are passes viruses through your server.

Not to say what your asking is impossible, there might be a third party
solution that can check a computer, not on a domain, for a list of prereqs
before assigning it an IP. Maybe someone else can be more insightful.

Good luck,
--
Louis Vitiello Jr.
------------------------------
MCSE, MCSA, MCP, A+/N+
ERCP XP Pro / Net Concepts


"spookman" <(E-Mail Removed)> wrote in message
news:F6104ED2-D1ED-4003-813D-(E-Mail Removed)...
> Hello.. Sorry if this appears to be in the wrong group, but I thought I
> would try here first.. We have users which are on a different subnet, are
> members of our domain (W2k3) but don't directly log into our domain; they
> use
> our Exchange server (2k3) for e-mail, etc. and authenticate this way to
> get
> their e-mails. So all the authentication is done via Outlook (NTLM) to
> get
> e-mail.
>
> The place I work for is looking for a way to run a script, like a logon
> script, on the machines to ensure they're running the latest AV defs, etc.
> since they are coming onto our network to get e-mail and such.
>
> Anyone know of a way to setup something like Network Access Quarentine
> Control (NAQC) for them WITHOUT having them do it via RAS? Currently,
> they're just being routed in to get access to the exchange server.

Hello,

Thanks for the reply. Yes, we are running an anti-virus product on the
exchange server, but we sometimes do get things that slip through; not very
often though. And as you know, end-users do crazy things. One of which is
the outside sites which are using our exchange server for e-mail, uses a lot
of USB keys, etc.

I was looking at going the local VBS script route if there wasnt' any other
way.

Thanks.. -Jeff


"Louis Vitiello Jr." wrote:

> Greetings,
>
> If the workstations are not logging into the domain there is no way to pass
> down rules and policies, and without that function the ability to force an
> application (script). If the users are only connecting to the Exchange
> server and have no other access to your network then you might want to
> consider investing in a Exchange Level antivirus product. This will ensure
> that no users are passes viruses through your server.
>
> Not to say what your asking is impossible, there might be a third party
> solution that can check a computer, not on a domain, for a list of prereqs
> before assigning it an IP. Maybe someone else can be more insightful.
>
> Good luck,
> --
> Louis Vitiello Jr.
> ------------------------------
> MCSE, MCSA, MCP, A+/N+
> ERCP XP Pro / Net Concepts
>
>
> "spookman" <(E-Mail Removed)> wrote in message
> news:F6104ED2-D1ED-4003-813D-(E-Mail Removed)...
> > Hello.. Sorry if this appears to be in the wrong group, but I thought I
> > would try here first.. We have users which are on a different subnet, are
> > members of our domain (W2k3) but don't directly log into our domain; they
> > use
> > our Exchange server (2k3) for e-mail, etc. and authenticate this way to
> > get
> > their e-mails. So all the authentication is done via Outlook (NTLM) to
> > get
> > e-mail.
> >
> > The place I work for is looking for a way to run a script, like a logon
> > script, on the machines to ensure they're running the latest AV defs, etc.
> > since they are coming onto our network to get e-mail and such.
> >
> > Anyone know of a way to setup something like Network Access Quarentine
> > Control (NAQC) for them WITHOUT having them do it via RAS? Currently,
> > they're just being routed in to get access to the exchange server.
>
>
>