Questions

Internet and Windows server 2003

+
0 Votes
Locked

Internet and Windows server 2003

Keystones
Currently I have an AD, with DNS, DHCP, and NAT installed.
All of the windows xp home clients on the network (not logged into domain), have access to all internet facilities.
How do I stop computers which are not logged into the domain by some form or another from gaining access to NAT or Internet?
  • +
    0 Votes
    NormH3

    Does this domain have XP Pro/2000 clients that are members of the domain? Do you only want member clients to access the internet?

    +
    0 Votes
    Keystones

    There are two XP pro clients who are members, and so far they have internet but I don't think I have any control over that aspect due to the fact of windows server NAT allowing non members access.
    It would make life easier if only member clients had internet access

    +
    0 Votes
    NormH3

    For your member clients, use static IP adresses, DNS and gateway information. With only 2, it should be very easy to manage. With the XP Home clients, you could use DHCP for addressing but use a dummy address for the gateway.

    +
    0 Votes
    Keystones

    i can use dhcp the same for everyone if the user login scripts are set up to give the users the correct gateway. but still the problem comes into effect that i cannot quickly stop access to the internet via the ad because the login script would have to start on the client... so no matter what the user account has been priviledged everyone can still gain access to the internet, any suggestions?

    +
    0 Votes
    Keystones

    i can use dhcp the same for everyone if the user login scripts are set up to give the users the correct gateway. but still the problem comes into effect that i cannot quickly stop access to the internet via the ad because the login script would have to start on the client... so no matter what the user account has been priviledged everyone can still gain access to the internet, any suggestions?

    +
    0 Votes
    don.bouchard

    IT DEPENDS UPON IF YOUR COMPUTER IS A STANDALONE, A HOME NETWORK, OR A BUSINESS NETWORK. FOR THE STANDALONE YOU WANT TO HAVE FULL ACCESS TO GAINS OF USING ALL YOUR SYSTEM WITHOUT FAULTS.

    COMPUTERS THAT ARE NOT LOGGED IN JUST SIMPLY AREN'T...

    +
    0 Votes
    Greybeard770

    Why are there computers that are not logged into the domain? Are they computers you control or are they visiting computers that are not domain members? Is the real problem unauthorized people using company computers?

    You can use the IPCONFIG /SETCLASSID functionality (http://support.microsoft.com/kb/235272 is a good start) to assign functional DNS servers for computers you want to have external access. That becomes a permanent setting even if that computer does not login to the domain.
    Give us some more details about your network. Is it sub-netted? Where does the NAT come from?

  • +
    0 Votes
    NormH3

    Does this domain have XP Pro/2000 clients that are members of the domain? Do you only want member clients to access the internet?

    +
    0 Votes
    Keystones

    There are two XP pro clients who are members, and so far they have internet but I don't think I have any control over that aspect due to the fact of windows server NAT allowing non members access.
    It would make life easier if only member clients had internet access

    +
    0 Votes
    NormH3

    For your member clients, use static IP adresses, DNS and gateway information. With only 2, it should be very easy to manage. With the XP Home clients, you could use DHCP for addressing but use a dummy address for the gateway.

    +
    0 Votes
    Keystones

    i can use dhcp the same for everyone if the user login scripts are set up to give the users the correct gateway. but still the problem comes into effect that i cannot quickly stop access to the internet via the ad because the login script would have to start on the client... so no matter what the user account has been priviledged everyone can still gain access to the internet, any suggestions?

    +
    0 Votes
    Keystones

    i can use dhcp the same for everyone if the user login scripts are set up to give the users the correct gateway. but still the problem comes into effect that i cannot quickly stop access to the internet via the ad because the login script would have to start on the client... so no matter what the user account has been priviledged everyone can still gain access to the internet, any suggestions?

    +
    0 Votes
    don.bouchard

    IT DEPENDS UPON IF YOUR COMPUTER IS A STANDALONE, A HOME NETWORK, OR A BUSINESS NETWORK. FOR THE STANDALONE YOU WANT TO HAVE FULL ACCESS TO GAINS OF USING ALL YOUR SYSTEM WITHOUT FAULTS.

    COMPUTERS THAT ARE NOT LOGGED IN JUST SIMPLY AREN'T...

    +
    0 Votes
    Greybeard770

    Why are there computers that are not logged into the domain? Are they computers you control or are they visiting computers that are not domain members? Is the real problem unauthorized people using company computers?

    You can use the IPCONFIG /SETCLASSID functionality (http://support.microsoft.com/kb/235272 is a good start) to assign functional DNS servers for computers you want to have external access. That becomes a permanent setting even if that computer does not login to the domain.
    Give us some more details about your network. Is it sub-netted? Where does the NAT come from?