Click here to get back home

URGENT: Prevent from connecting Notebooks to my LAN
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
URGENT: Prevent from connecting Notebooks to my LAN Jazmin Gutierrez 10-09-2007
Posted by Jazmin Gutierrez on October 9, 2007, 10:57 am
Please log in for more thread options
 :)
I see this applies in all countries & all companies.


> How do they make the people come to work on time? Make them do their
> work? Keep them from stealing the toilet paper? You just don't let them
> bring outside machines into the building, if they do then they have to
> stay in the bag, if they don't obey then have estblished "punishments" in
> place. If Management won't do that then you are wasting your time since
> I.T. people typically don't run the company.
>
> Networking equipment gets smarter all the time,...but networking equipment
> still is not a "babysitter".
>
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or
> Microsoft, or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>> Is there anyway to prevent from connecting notebooks and PDAs to my LAN?
>> I heard that IPSec is the solution but I STILL have Windows 98 computers
>> in
>> my network.
>>
>> 1) Is is possible to apply IPSec only for Windows XP/Vista computers?
>> Most
>> notebooks have XP/Vista OSs.
>>
>> 2) How to prevent DHCP server to assign and IP address to an unauthorized
>> computer?
>>
>> 3) What other solutions do I have (that includes windows 98)? Maybe
>> MAC-Address based control? Is it included with Windows 2003?
>>
>> Thanks!
>>
>>
>>
>>
>
>



Posted by Phillip Windell on October 9, 2007, 11:13 am
Please log in for more thread options
 People will try to get away with anything they can if not stopped. Rules
are no rules at all if there is no willingness to enforce them.

I know the employment laws are different in different countries, but I don't
think any business would survive if it "let the inmates run the asylum".
Somebody has to be in charge and have the power to enforce thier job.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

> :)
> I see this applies in all countries & all companies.
>
>
>> How do they make the people come to work on time? Make them do their
>> work? Keep them from stealing the toilet paper? You just don't let them
>> bring outside machines into the building, if they do then they have to
>> stay in the bag, if they don't obey then have estblished "punishments" in
>> place. If Management won't do that then you are wasting your time since
>> I.T. people typically don't run the company.
>>
>> Networking equipment gets smarter all the time,...but networking
>> equipment still is not a "babysitter".
>>
>>
>> --
>> Phillip Windell
>> www.wandtv.com
>>
>> The views expressed, are my own and not those of my employer, or
>> Microsoft, or anyone else associated with me, including my cats.
>> -----------------------------------------------------
>>
>>> Is there anyway to prevent from connecting notebooks and PDAs to my LAN?
>>> I heard that IPSec is the solution but I STILL have Windows 98 computers
>>> in
>>> my network.
>>>
>>> 1) Is is possible to apply IPSec only for Windows XP/Vista computers?
>>> Most
>>> notebooks have XP/Vista OSs.
>>>
>>> 2) How to prevent DHCP server to assign and IP address to an
>>> unauthorized
>>> computer?
>>>
>>> 3) What other solutions do I have (that includes windows 98)? Maybe
>>> MAC-Address based control? Is it included with Windows 2003?
>>>
>>> Thanks!
>>>
>>>
>>>
>>>
>>
>>
>
>



Posted by Phillip Windell on October 12, 2007, 1:49 pm
Please log in for more thread options
>
>> People will try to get away with anything they can if not stopped. Rules
>> are no rules at all if there is no willingness to enforce them.
>>
>> I know the employment laws are different in different countries, but I
>> don't think any business would survive if it "let the inmates run the
>> asylum". Somebody has to be in charge and have the power to enforce thier
>> job.
>
> Exactly right! Of course, the responsibility for setting company policy
> does not belong to IT.
>
> And if IT were to apply a technological solution to unauthorized network
> connections (unauthorized by whom?), then one complaint from a user who
> claims to be inhibited in his ability to do his work is all it would take
> for the (rather weak-kneed) management to rule in favour of the user and
> against IT.

I do understand that.
I face it here as well sometime. I have a story or two I could tell that I
just don't feel I can tell in a public newsgroup.
If there was a really good solution for this I would be using it myself and
would gladly share it with the rest.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------



Posted by Phillip Windell on October 9, 2007, 11:04 am
Please log in for more thread options
You could simply not use DHCP in areas of the building where they are doing
this,...or just unplug any wall jacks at the patch panel where there is no
official machine at that jack,..in other words don't leave live jacks
around.

If it is wireless, then you may have to limit the connectability to the WAP
by MAC Address since the users are probably going to know the WPA "key".

"User beatings" still work the best and make the greatest
"impression",...but "technical" solutions often just make the user "proud of
themselves" and feel like they have bragging rights when they find a way
around them, particularly when there is no incentive to obey the rules.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------



Posted by John Fullbright on October 10, 2007, 2:53 pm
Please log in for more thread options
The behavioral modification API is still a work in progress...


> You could simply not use DHCP in areas of the building where they are
> doing this,...or just unplug any wall jacks at the patch panel where there
> is no official machine at that jack,..in other words don't leave live
> jacks around.
>
> If it is wireless, then you may have to limit the connectability to the
> WAP by MAC Address since the users are probably going to know the WPA
> "key".
>
> "User beatings" still work the best and make the greatest
> "impression",...but "technical" solutions often just make the user "proud
> of themselves" and feel like they have bragging rights when they find a
> way around them, particularly when there is no incentive to obey the
> rules.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or
> Microsoft, or anyone else associated with me, including my cats.
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/ISA2004_AccessRules.html
>
> Troubleshooting Client Authentication on Access Rules in ISA Server 2004
>
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Microsoft ISA Server Partners: Partner Hardware Solutions
> http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
> -----------------------------------------------------
>
>



Similar ThreadsPosted
Connecting Three Domains/Forests August 5, 2008, 7:23 am
Re: connecting to vpn kills lan connectivity / vpn disconnect January 25, 2008, 1:35 pm
HELP! Error /w Wireless Client Connecting to Win2003 Server /w IAS, CA November 12, 2005, 4:31 pm
What is the difference between logging into an AD Domain versus connecting to network resource? January 26, 2006, 4:32 pm
No credentials [urgent] March 15, 2006, 10:45 pm
Urgent help needed. May 1, 2006, 4:25 am
URGENT!! certificate timestamp October 5, 2005, 11:32 am
URGENT: syskey utilization January 13, 2006, 9:02 am
GPO - password policy - Urgent February 2, 2006, 11:34 am
urgent please help ..microsoft event id +4199 June 29, 2006, 5:47 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap