Announcement

Collapse
No announcement yet.

Blocking non-domain PCs from using domain resources

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Blocking non-domain PCs from using domain resources

    I would like to prevent PCs on my LAN that are not members of the domain from authenticating with my servers to access resources. Ideally, even with valid domain credentials, users would be unable to authenticate with the server unless the PC they were connecting from was a member of the domain. Is this doable?

  • #2
    Re: Blocking non-domain PCs from using domain resources

    access to resources as far as i know are based on a User not a PC (unless configured otherwise).
    if you have set permissions on Shares/file for authenticated users or any other domain group you got , that should clear the problem.
    You do need to remove the "Everyone" which is equivalent to "Public" , meaning from any environment or OS platform.
    does that answer your question?
    Last edited by Akila; 31st July 2008, 17:36.

    Comment


    • #3
      Re: Blocking non-domain PCs from using domain resources

      I have many PCs that come in to the building without antivirus, or proper updates. The owners of these machines plug them in to the LAN, and authenticate with the server to access files and print. I don't want them to have that ability unless the machine is a domain member so that I can be sure they have all of their updates and functional antivirus.

      Comment


      • #4
        Re: Blocking non-domain PCs from using domain resources

        Google for "IPSec Domain Isolation" - this could be a solution for you.
        Guy Teverovsky
        "Smith & Wesson - the original point and click interface"

        Comment


        • #5
          Re: Blocking non-domain PCs from using domain resources

          Originally posted by JParr View Post
          I have many PCs that come in to the building without antivirus, or proper updates. The owners of these machines plug them in to the LAN, and authenticate with the server to access files and print. I don't want them to have that ability unless the machine is a domain member so that I can be sure they have all of their updates and functional antivirus.
          we pretty much have the same situation in our environment, what we do is just block them getting an IP all together by having a MAC address filter list on the DHCP service, but I guess it's not what you want.

          Comment


          • #6
            Re: Blocking non-domain PCs from using domain resources

            This is what you need:

            http://technet.microsoft.com/en-us/n.../bb545879.aspx

            Comment

            Working...
            X