
Prevent access to server for computers not part of domain

Newsgroup: microsoft.public.windows.server.security
Posted by Stephen Bloomer on January 22, 2007, 11:56 pm
We run a W2k3 AD Domain with XP SP2 desktops. Is there a way to set a server
to prevent access to programs/files/shares etc if the computer is not part of
the domain without a complicated certificate system etc?

Our school is having problems with students connecting personal laptops by
using their username and password to access shares and copying/uploading
information.

Stephen

Posted by myweb on January 23, 2007, 2:53 am
Hello Stephen,

What about fixed IPs for the school and NO DHCP?

Also you can configure DHCP with vendor specific settings:
http://technet2.microsoft.com/WindowsServer/en/library/14afbdc1-b75f-4120-bfc4-193816ea4a6d1033.mspx?mfr=true

A more expensive way is manageable switches.

Best regards

myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.



> We run a W2k3 AD Domain with XP SP2 desktops. Is there a way to set a
> server to prevent access to programs/files/shares etc if the computer
> is not part of the domain without a complicated certificate system
> etc?
>
> Our school is having problems with students connecting personal
> laptops by using their username and password to access shares and
> copying/uploading information.
>
> Stephen
>



Posted by Stephen Bloomer on January 23, 2007, 5:36 pm
Thanks, but it won't work. We use Ghost to image 100 computers at a time.
Fixed IP would be impossible to manage, and vendor classes can add extra
information, but if a computer does not match those settings it defaults to
the standard DHCP settings. I am looking into the idea from Roger.

"myweb" wrote:

> Hello Stephen,
>
> What about fixed IPs for the school and NO DHCP?
>
> Also you can configure DHCP with vendor specific settings:
> http://technet2.microsoft.com/WindowsServer/en/library/14afbdc1-b75f-4120-bfc4-193816ea4a6d1033.mspx?mfr=true
>
> A more expensive way is manageable switches.
>
> Best regards
>
> myweb
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
>
>
>
> > We run a W2k3 AD Domain with XP SP2 desktops. Is there a way to set a
> > server to prevent access to programs/files/shares etc if the computer
> > is not part of the domain without a complicated certificate system
> > etc?
> >
> > Our school is having problems with students connecting personal
> > laptops by using their username and password to access shares and
> > copying/uploading information.
> >
> > Stephen
> >
>
>
>

Posted by Roger Abell [MVP] on January 23, 2007, 11:10 am
You could address this via network access control, which will
also help you keep infected machines off your network, or you
could look into domain isolation (search MS site for same) based
on Kerberos associations.

> We run a W2k3 AD Domain with XP SP2 desktops. Is there a way to set a
> server to prevent access to programs/files/shares etc if the computer is
> not part of the domain without a complicated certificate system etc?
>
> Our school is having problems with students connecting personal laptops by
> using their username and password to access shares and copying/uploading
> information.
>
> Stephen
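
Added example (not part of Roger Abell's post or of this thread): one way the domain isolation idea above can be applied to a single Windows Server 2003 file server, using an IPsec rule that requires Kerberos authentication for inbound SMB. The policy, filter list, filter action and rule names are made up for this example, and it assumes domain-member clients already have an IPsec policy that responds to negotiation, such as the built-in "Client (Respond Only)" policy assigned through Group Policy.

```bat
rem Added example: run in a command prompt on the file server itself.
rem All names in quotes are hypothetical labels chosen for this example.

rem 1. Create the policy container.
netsh ipsec static add policy name="FileServerIsolation" description="Require authenticated IPsec for SMB"

rem 2. Match SMB traffic arriving at this server (direct-hosted SMB on TCP 445
rem    and NetBIOS session service on TCP 139). mirrored=yes also covers replies.
netsh ipsec static add filterlist name="InboundSMB"
netsh ipsec static add filter filterlist="InboundSMB" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=445 mirrored=yes
netsh ipsec static add filter filterlist="InboundSMB" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=139 mirrored=yes

rem 3. Filter action: negotiate security, refuse unsecured inbound traffic
rem    (inpass=no) and never fall back to clear text (soft=no).
netsh ipsec static add filteraction name="RequireIPsec" action=negotiate inpass=no soft=no

rem 4. Tie filter list and action together, authenticating the peer computer
rem    with Kerberos. A laptop with no computer account in the domain cannot
rem    complete this step, whatever user name and password it later presents.
netsh ipsec static add rule name="SMBRequiresKerberos" policy="FileServerIsolation" filterlist="InboundSMB" filteraction="RequireIPsec" kerberos=yes

rem 5. Activate the policy on this server.
netsh ipsec static set policy name="FileServerIsolation" assign=y

rem 6. Review what was created before relying on it.
netsh ipsec static show policy name="FileServerIsolation" level=verbose
```

Test from one domain-joined desktop and one non-domain machine before rolling this out, and keep the rule scoped to member servers: domain controllers must stay reachable without IPsec so that clients can obtain the Kerberos tickets the negotiation depends on.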



Posted by Stephen Bloomer on January 28, 2007, 7:05 pm
Thanks for the info. I am now looking into NAC, but it looks like most
options in that area will be out of our budget.

Steve

"Roger Abell [MVP]" wrote:

> You could address this via network access control, which will
> also help you keep infected machines off your network, or you
> could look into domain isolation (search MS site for same) based
> on Kerberos associations.
>
> > We run a W2k3 AD Domain with XP SP2 desktops. Is there a way to set a
> > server to prevent access to programs/files/shares etc if the computer is
> > not part of the domain without a complicated certificate system etc?
> >
> > Our school is having problems with students connecting personal laptops by
> > using their username and password to access shares and copying/uploading
> > information.
> >
> > Stephen
>
>
>
