Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

Locking down network connectivity.

  • Filter
  • Time
  • Show
Clear All
new posts

  • Locking down network connectivity.

    Good Morning all,

    I'm in need of some help, we have some laptops that we are trying to lock down as tight as possible, with out restricting certain things. We want the users to not be able to connect to their home LANs when taking their computers out in the field, basically these PCs are going to be used to data use that is stored locally on the laptop and the connection to the net will not be necessary. Basically, we only want the user to be able to connect to the internet when attached to OUR DOMAIN and OUR LAN ONLY. Is there a way this can be done? If so how, and what would be the easiest way. Thanks!

  • #2
    Re: Locking down network connectivity.

    This assumes that users lack the privilidge to enable disabled hardware.

    In my mind without a 3rd party app the easiest way to do this would be to disable the network adapters in a logon/shutdown script.

    There are number of ways to disable the card. Check into using netsh.

    This does create a hole though, if the users leave the machine running - standby or maybe even hibernate. Then take it elsewhere they could plug-in and the adapter will still be active.
    To get around that you can run a script in the background that checks for a lan resource in your network. Ping your DC every 2 min or something. If the ping fails disable the adapter.

    There are lots of possabilities.
    Last edited by ahinson; 15th June 2007, 15:05.

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **


    • #3
      Re: Locking down network connectivity.

      i like the idea of a script, maybe i can draw something up... and do it that way, they are going to have these pcs running virtually 24/7 but almost never connected to the network... I like the idea of a script though, something to run in the background at startup, and always ping our local DC. if it can't reach it, disable the card. Thanks!!!