No announcement yet.

User Account Security

  • Filter
  • Time
  • Show
Clear All
new posts

  • User Account Security

    Our Network Manager in NY created an AD account for guests to use to connect to our wireless network. He said the user account has no rights to anything. My question is: What are the possible risks and/or what can someone with that type of account do on our network? We have a separate SSID for guest users and they are supposed to use an account that is generated by the Cisco ISE Server. That wasn't working for them so they went ahead and created the AD account without telling me. Now they want me to explain why using an AD account to connect to the non-guest SSID is a bad idea even though that account has "no access". I'm not an AD expert by any stretch of the imagination since i'm a networking guy, but now that I'm in a management position, I have to know both sides of the IT world.

  • #2
    Re: User Account Security

    Why do they need an AD account to connect to the WiFi - presumably the only thing they need is an IP address and internet access

    The only reason I can think of for needing an AD account too is if your WiFi uses RADIUS authentication with AD as the provider?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: User Account Security

      Hi, you can lock down the AD account with group policy and restrict everything so the person logging on can do very little.
      Please remember to award reputation points if you have received good advice.
      I do tend to think 'outside the box' so others may not always share the same views.

      MCITP -W7,
      MCSA+Messaging, CCENT, ICND2 slowly getting around to.