How to isolate users

By grooVe13 ·
Hi,I'm asking about a easiest solution how to isolate network users on LAN just to prevent accessing each other computer's shared folders anf files. I would not have access to client computers and their settings so I need to isolate them on some active item in the network. Do I need some manageable switch or firewall or what particular functions do I need to set on these? Can anybody help me just with a few hints. Thanks

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

You could isolate using a switch with VLAN support..

by cmatthews In reply to How to isolate users

..HP Procurve's are nice. I'm sure there's models from other mfg's, just Google it. If you cascade these make sure your core switches can support enough VLAN tags (HP > 2000)

Collapse -


by grooVe13 In reply to You could isolate using a ...

I think you are the only one who has understand my request. So thanks. Can U actualy describe how to set VLANs on Procurve Switch? or have for me some hint how it should work?

Collapse -

Many understand the question, but it was quite open... Be sure..

by cmatthews In reply to Thanks

..many here also understand the dependent nature some LAN's. Perhaps some of those PC's really need to access other peer or domain-shared printers, or files. Since you have no access to PC settings, we can only deduce that as a third party, you want to impose something on an otherwise working system.. it may introduce other problems..

Would you gave us some more detail on the quantity, OS and working purpose(s) of this "ill-behaved group of PC's/users?

Is access to only limited resources and/or the internet all they do?

Collapse -

More Detail

by grooVe13 In reply to Many understand the quest ...

Its room with 20 sockets connected. There will be posted random clients with random OS. Its only a showroom where some people need to access internet. But I need to restrict that someone sees each other in worgroup. Cause they are mostly businessman who are affraid of their data and mostly know nothing about networks. Thats the thing

Collapse -

Ok, this 28-port unit should do the work for about $250..

by cmatthews In reply to More Detail 27 PC's can be supported.

Click support resources, download manual, your particular focus starts on page 27.

Did you need anything else?

Collapse -


by oldbaritone In reply to How to isolate users

Do they log in to a domain? Create a no-sharing group policy and push it out on the domain.

Collapse -

To join domain he would need access to WS settings..

by cmatthews In reply to Domain?

..or at least that's what he said..??

Collapse -

well could always turn off file and printer sharing

by CG IT In reply to How to isolate users

you can configure the firewall to block file and printer sharing.

you can limit users ability to share files and printers.

Collapse -

But still, he has access to WS settings..

by cmatthews In reply to well could always turn of ...

..unless he somehow slipped-in a script or two.

Collapse -

fileand printer sharing is just that, not client for network

by CG IT In reply to But still, he has access ...

so the client computers can't share folders or printers but still have network access.

there's a lot of variables here without a lot of information. If on a domain network, you can use group policy to control computer settings. If a workgroup, you have to get a little more creative.

someone mentioned VLans and that will do it, but then that adds complexity. Getting vlans [which usually are seperate subnets]to all access the default gateway requires trunking and allowing them to access the trunk line, then the router has to have the routes in it's table. Then you have to make sure intervlan routing isn't enabled or you've just defeated the whole purpose.

Then there is cost. Vlans requires a lot of networking expertise and expensive equipment and as I mentioned adds complexity.

Related Discussions

Related Forums