Paul
Tue Mar 25 08:58:46 PDT 2008
This is what I understand the question to be:
"I want to restrict rogue systems to have access to servers on my
network, only systems that I allow to have access should be able to
'logon to the network'."
This can be done through IPSec policies in combination with Group
policies, but it's too much to explain in a simple E-Mail, hit the
books! It is discussed in the 70-291 exam and even more detailed in the
70-293 MCSE exam.
/ ) Regards,
/ /_________
_|__|__) Paul Weterings
/ (O_)
http://www.servercare.nl
__/ (O_)
____(O_)
Craig wrote:
> When you say you do not want them to be on the network, what do you
> mean? What is it you are trying to stop? anyone can plug the cable in
> a change the IP address to match the network.
>
>
> In article <uoT2v0ljIHA.3940@TK2MSFTNGP05.phx.gbl> "Bill
> Grant"<not.available@online> wrote:
>> I would put the DHCP server with the DNS server on a DC, rather
>> than with ISA.
>
>> I don't think that ISA server is what you need here. It is
>> designed to control how your LAN machines access the Internet, not
>> what happens on the LAN.
>
>> You appear to be searching for a way to control unauthorised
>> access to your LAN, but none of the methods you suggest will do that.
>> DHCP is designed to make it easier for machines to get on to the
>> network, not make it harder. The users would not need to know how to
>> configure the tcp/ip settings. DHCP would do it for them. That is
>> what it is for!
>
>> There is no way to control this through Active Directory. DHCP is
>> a very simple minded process. The client machine broadcasts on the
>> LAN and the DHCP server replies with an offer. Active directory is
>> not involved. Trying to keep people off your network using DHCP
>> reservations or MAC filtering is not the way to go.
>
>> "Allan M. Grafil" <agrafil@hotmail.com> wrote in message
>> news:%23vv9tFljIHA.4940@TK2MSFTNGP02.phx.gbl...
>>> Hi Guys,
>
>>> Hope Im in the right group.
>
>>> Im in a stage of fixing my network. This is my current setup.
>
>>> 1. I have an active directory server, which is mydomain.com,
>>> wherein also my DNS and DHCP is located.
>>> 2. My subnet is 255.255.255.0
>
>>> This is my idea.
>
>>> 1. Have these servers: (Need suggestions on these)
>
>>> a. AD Server with DNS Server - is this a good practice?
>>> b. DHCP Server with ISA Server - is this a good practice?
>
>>> Other concern:
>
>>> I want my network to have access limitations. Here is a scenario.
>
>>> 1. In our network, only managers can use their laptop to access
>>> our network and internet. It can be wired or wireless. Unauthorized
>>> laptop should or must not access our network. But from the way the
>>> network was setup, they can access it through wire. I can filter
>>> the wireless using MAC
>>> Address filter from the routers. But if they connect through wire
>>> and know
>>> how to config TCP/IP they can easily access our network. Can this
>>> be avoided through ISA? Is there a way to filter MAC Address
>>> through Active Directory?
>
>>> Hope you can help me on this.
>
>>> Thanks in advance.
>
>>> Allan
>
>
>
>
>