General discussion

  • #2277632

    Forcing users & machines to authenticate

    by williamoshea ·

    I have posted this question before but a lot of the answers showed that the question was misunderstood. I want to be able to stop laptops that are non-domain members from having access to resources on the domain. At the moment any user with a username and password can plug in a laptop, obtain an IP from the DHCP server and access a resource by entering domain\username then password, even though the PC he/she is logging in from is not a member of the domain. In one word I want to force not just users to authenticate but also machines.
    I work in a Windows 2000 environment with Win2k Pro and XP client OSes. I have fully implemented Group Policies. However some of the users of laptops have decided not to have their laptops added to the domain. SO WHAT THEY DO IS FIND ANY PATCHED CAT5 PORT, PLUG THEIR LAPTOPS IN, OBTAIN AN IP ADDRESS AND OFF THEY GO. IS THERE A WAY I COULD DENY THEIR LAPTOPS IP ADDRESS OR BETTER STILL STOP THEM FROM ACCESSING NETWORK RESOURCES UNLESS THEY ARE PROPERLY LOGGED ON TO THE NETWORK.

All Comments

    • #2708206

      Reply To: Forcing users & machines to authenticate

      by p.j.hutchison ·

      In reply to Forcing users & machines to authenticate

      In DHCP, you can specify MAC addresses of known laptops, to exclude them from getting an IP address and thus access to the network. Of course, if they set a static IP address then that method cannot stop them; you could disable their account until all laptop users are updated to use the domain.

    • #2708191

      Reply To: Forcing users & machines to authenticate

      by ewgny ·

      In reply to Forcing users & machines to authenticate

      You can set up a Certificate Authority and require that all Domain Computers authenticate with a “machine certificate”. The Domain Workstations can receive their certificates through Group Policy Autoenrollment, whereas non-domain PCs will have to request a certificate, which would have to be approved before access is allowed.

    • #2708850

      Reply To: Forcing users & machines to authenticate

      by haileyan ·

      In reply to Forcing users & machines to authenticate

      The other thing I would do is make sure that all of your shared resources (printers and shared folders) are restricted to Domain Users. By default all of your shares have “everyone” which means anyone on that subnet can access the shares. I never leave “everyone” in security on any shared network resource.
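
An added example, not part of haileyan's reply: one way to find shares that still grant access to "Everyone", checking both the share-level permissions and the NTFS ACL of the shared folder. It assumes a file server running Windows Server 2012 or later with the SmbShare module (not the Windows 2000 servers in this thread); the function names `Resolve-Sid` and `Get-BroadShareGrant` are made up for the example.

```powershell
#requires -Modules SmbShare
# Added example: list share-level and NTFS "Allow" entries granted to broad
# built-in principals. Assumes Windows 8 / Server 2012 or later, run elevated.

# Well-known SIDs are locale-independent, unlike the display name "Everyone".
$BroadSids = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-7' = 'Anonymous Logon' }

function Resolve-Sid {
    param([string]$Account)
    try {
        ([System.Security.Principal.NTAccount]$Account).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $null   # orphaned or unresolvable account name
    }
}

function Get-BroadShareGrant {
    # -Special $false skips the administrative shares (ADMIN$, C$, IPC$).
    foreach ($share in Get-SmbShare -Special $false) {
        $entries = @()
        # Share-level permissions.
        foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
            $entries += [pscustomobject]@{ Layer = 'Share'; Account = $ace.AccountName
                Type = "$($ace.AccessControlType)"; Rights = "$($ace.AccessRight)" }
        }
        # NTFS permissions on the shared folder, when the path exists on disk
        # (printer shares have no folder path and are covered by the share ACL only).
        if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
            foreach ($ace in (Get-Acl -LiteralPath $share.Path).Access) {
                $entries += [pscustomobject]@{ Layer = 'NTFS'; Account = $ace.IdentityReference.Value
                    Type = "$($ace.AccessControlType)"; Rights = "$($ace.FileSystemRights)" }
            }
        }
        # Report only Allow entries whose principal resolves to a broad SID.
        foreach ($e in $entries) {
            $sid = Resolve-Sid $e.Account
            if ($e.Type -eq 'Allow' -and $sid -and $BroadSids.ContainsKey($sid)) {
                [pscustomobject]@{ Share = $share.Name; Layer = $e.Layer
                    Principal = $BroadSids[$sid]; Rights = $e.Rights }
            }
        }
    }
}

Get-BroadShareGrant | Sort-Object Share, Layer | Format-Table -AutoSize
```

An empty result means no non-administrative share on the server grants "Everyone" or "Anonymous Logon" at either layer.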
