+ 0 Votes Secure your network robo_dev 6 years ago Enable mac-address restrictions in ethernet edge switches.Disable DHCP and assign static IP addresses (not really a deterrent for most people).Disable unused ethernet jacks.Implement NAC (network access control) from Cisco and/or Microsoft.Install security cameras, armed guards, create a policy to forbid it, etc. + 0 Votes clarification wesley.chin 6 years ago I am confused. Where are the rogue PCs? Are the rogue PCs random or on the intranet? What is the OS?If the rogue PCs are intranet, allow no exceptions in the Windows Firewall (if Windows is the OS). If not intranet, get a good hardware firewall. + 0 Votes clarify: Do you mean wired or wireless? robo_dev 6 years ago And do you mean physical access or logical access?I assume that you meant wired-physical access, but you know what happens when you assume.... + 0 Votes ways to control access JohnBHeller 5 years ago Hi,Sounds like you could use a proxy server. Microsoft and several other companies make them. The homepage for the microsoft proxy product now called ISA server is http://www.microsoft.com/forefront/edgesecurity/isaserver/en/us/default.aspxThere are many others on the market too. I have used one called Proxy plus that was very good.Running a network with students invloved is a contant challenge. They are always expoiting any weaknesses that you leave open. Unfortunately there are a lot of resources and information that they can find via a search of the internet.For a proxy server to be sucessful, you will need to restict access to the router on the common ports such as port 80. Redict incoming packets to the proxy server so that they can't just type in the direct routers ip address to bypass the proxy. Put in an ACL to the router so that only certain hosts can communicate with it. If possible, connect the router directly to the proxy server on a seperate ethernet card, so that they is no direct access to the router. This depends on what other site access you allow ie staff being able to VPN in from home.With ISA server you can set up access rules based on usernames and groups to restirct or stop internet access. Of course the server also logs web sites visited and allows you the ban sites too. It caches websites, and speeds up access to commonly accessed pages too.I'd imagine that there are some good forum sites devoted to IT managers based in schools where you can swap hints and horror stories.I personally know the IT manangers of two local highschools, so i can probably put you in touch with them if you need more specific information.