08-17-2011 12:33 AM - edited 03-07-2019 01:44 AM
Hi Shashank,
I have a network in my company (around 100 PCs) and I want to prevent personal PCs or laptops (belonging to employees or visitors) from accessing the network via LAN.
While I was searching I found a way, but I do not know how to implement this.
My idea is:
Get the MAC address from all PCs in the network and put them into the switch (But how????). If an external PC or laptop connects to my company network then he/she should not get access, and I should get an automatic update or alert that someone is using an outside device (not a company device).
Please help me to solve this problem.
How to implement this????
Regards
Sandeep Choudhary
08-18-2011 01:51 AM
You can use either Active Directory or 802.1x.
08-18-2011 02:31 AM
Thank you very much............
But how can I implement it .................this is my main problem......
Yes, I have only 2 solutions: either I have to connect with Active Directory or use 802.1x............
(Let me explain clearly:
Suppose I have 5000 employees in 4 locations (Italy, Spain, Germany, India)..
That means I have 5000 MAC addresses or 5000 laptops (total).
If 1 person goes from Germany to India...he should get access to the LAN network there because he is using a company laptop or company MAC address.
If he uses his personal laptop.......then he should not get access...or someone from outside uses his laptop then he should not get access to LAN Network.
Now tell me how can I prevent my LAN Network.)
If you know how to implement then please let me know...
Regards
08-18-2011 02:48 AM
Hi,
You don't want to mess with MAC addresses having to perform changes every time hardware changes.
Active Directory could solve your problem. By joining clients (PCs and laptops) to your domain, you can set up group policies. Each department could have an organizational unit of its own while you could set up specific group policies for specific organizational units.
Best regards,
Giorgos
08-18-2011 03:48 AM
Well, you need to promote a server into a domain controller. Then set up your domain, create organizational units and group policies. When everything is done, you need to join clients to your domain.
Computers or users not authenticated to Active Directory will not be able to browse your network.
The problem is there's really a lot of work to be done, since all of the above is actually a summary of what is needed.
An excellent resource to start searching for the basic steps is http://support.microsoft.com, while http://social.technet.microsoft.com/Forums/en-US/winserverDS/threads will definitely help.
Best regards,
Giorgos
08-18-2011 11:30 PM
Thank you very much...
08-18-2011 11:39 PM
You're welcome!
If you ask me, Active Directory will be a valuable asset to your company for many different reasons.
It may take time to configure if you don't have much experience but when done you will see the difference.
Good luck,
Giorgos
09-02-2011 04:21 AM
@Giorgos: As you said.... I am done with:
1. Promoted a server into a domain controller
2. Set up a domain
3. Created organizational units and group policies.
4. When everything was finished, I joined clients to my domain.
Now my question is how can I set the condition that only joined clients should get access.
09-02-2011 04:45 AM
Every user who won't have access to the web must be a member of a specific OU.
A specific GPO (group policy object) must be assigned to that OU. This GPO should set a false proxy server to Internet Explorer (say 0.0.0.0) while denying access to Internet Options for the user. This will do the trick.
Working with domain users, OUs and GPOs you'll see how many options you have. You can do lots of things.
Hope this helps. I know that this is not the appropriate place to discuss Microsoft, so if there's something more I can do for you, just PM me.
Good luck,
Giorgos
08-18-2011 04:18 AM
Suppose I have 5000 employees in 4 locations (Italy, Spain, Germany, India)..
You have 5000 employees and use 100 computers?
If 1 person goes from Germany to India...he should get access to the LAN network there because he is using a company laptop or company MAC address.
If he uses his personal laptop.......then he should not get access...or someone from outside uses his laptop then he should not get access to LAN Network.
Now tell me how can I prevent my LAN Network.)
This is Active Directory. Any MS server guy/gal can implement Active Directory.
Another option is to use 802.1X. If the PC/Laptop does not have the credentials you specify (membership to a domain via Active Directory, updated anti-virus, patches, etc.) then that user will go to a quarantine VLAN or a 169.254.X.X IP address.
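For the alerting part of the original question (knowing when a non-company device appears on the LAN), here is an added example that is not from any poster in this thread: a Python audit that compares a switch's `show mac address-table` output against an inventory of company MAC addresses. The table text, the inventory and the function names are constructed for illustration. Because a MAC address is a value the client sets, this only reports unknown devices and does not replace the 802.1X or domain-based control recommended above.

```python
import re

# Constructed sample of `show mac address-table` output from an access switch.
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    00aa.bbcc.ddee    DYNAMIC     Gi1/0/2
  20    0011.2233.4466    DYNAMIC     Gi1/0/7
  20    f0de.f1a2.b3c4    DYNAMIC     Gi1/0/9
"""

# Constructed asset inventory; notations vary as they do in real spreadsheets.
INVENTORY = ["00:11:22:33:44:55", "00-AA-BB-CC-DD-EE", "0011.2233.4466"]

# One table row: VLAN id, Cisco dotted MAC, entry type, port name.
ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4})\s+(\S+)\s+(\S+)\s*$"
)

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_mac_table(text):
    """Yield (vlan, mac, port) for each dynamically learned entry."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            yield int(m.group(1)), normalize_mac(m.group(2)), m.group(4)

def find_unknown_devices(table_text, inventory):
    """Return the table entries whose MAC is not in the company inventory."""
    known = {normalize_mac(m) for m in inventory}
    return [entry for entry in parse_mac_table(table_text) if entry[1] not in known]

if __name__ == "__main__":
    for vlan, mac, port in find_unknown_devices(SAMPLE_TABLE, INVENTORY):
        print(f"ALERT: unknown device {mac} on port {port} (VLAN {vlan})")
```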