General discussion

Locked

Denying an IP address

By jasonbis ·
We are running windows 2000 and XP computers on a novell network. We keep all the machines updated and virus free but some users bring their laptops in and hook them up to the network and spread viruses because those laptops are not patched. They are allowed to do this but they are supposed to make sure they are up to date. The problem is they don't have to actually log in to novell. They can log in workstation only and get access to internet and email which will still spread a virus on our network. What I want to know is if there is anyway to deny them an ip address if they don't have certain patches and virus definitions. When they check the workstation only box they can't access network drives but they still get an ip address which I don't want. When they boot up I want something to tell them they aren't patched and they need to contact us or simply the dhcp server won't give them an address and if they want on they will have to call us. I hope this makes sense. I don't even know if it's possible. I can't just put it in the login script because they don't have to login to novell to get ip. Thanks

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by pgm554 In reply to Denying an IP address

This is kind of a Catch 22 situation.In order for them to get checked for updates and patches,they must be on the network.

However,what you could do is set up an isolated LAN ,with a file server running Zenworks that has all the patches.

The company policy would be that anybody wishing to use the corporate LAN must dock their laptops to the isolated LAN first and have Zenworks update with appropriate patches and policies.

Should require little or no user intervention.

Collapse -

by pgm554 In reply to

You could use the advanced login menu in the client to eliminate the workstaion only check box.
This would force them to login to the Novell network.But ,they would not be able to login if they aren't attached to the network.
Again,a catch 22.

Collapse -

by jasonbis In reply to

Poster rated this answer.

Collapse -

by MMerritt In reply to Denying an IP address

I would have to assume your network is using DHCP to assign IP addresses? If this is the case, you could use MAC filtering to allow or deny network access to specific computers on this portion of your network. There may be other solutions depending on the specifics of your network and this method is one of many I use to secure the network.

Collapse -

by jasonbis In reply to

Poster rated this answer.

Collapse -

by jasonbis In reply to Denying an IP address

Thanks for the help although like you say it is a catch 22 and there really isn't a good solution

Collapse -

by jasonbis In reply to Denying an IP address

This question was closed by the author

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums