How to "isolate" a PC on the network
Posted on 2005-03-16
I need to keep one PC on our network isolated somehow. It's in a doctor's lounge in the hospital. Office politics being what they are, the doctors are allowed unrestricted use of the internet, using Internet Explorer (because their stock ticker streaming broadcast doesn't work right under Firefox!). I know it's a big security hole, but I've been told that no restrictions are to be put on it. Right now they log on to the domain and are a part of the network (Windows 2000 domain). They don't need to access anything on the domain such as files or printers (though I won't be surprised if they ask for that in the future).
Is there any way to keep their system "isolated" or quarantined somehow so that whatever problems they might bring onto their system (viruses, spyware, etc) don't compromise the security of the rest of the network? An individual firewall or something that keeps "them" separate from "us"?