maharlika

How to "isolate" a PC on the network

I need to keep one PC on our network isolated somehow.  It's in a doctor's lounge in the hospital.  Office politics being what they are, the doctors are allowed unrestricted use of the internet, using Internet Explorer (because their stock ticker streaming broadcast doesn't work right under Firefox!).  I know it's a big security hole, but I've been told that no restrictions are to be put on it.  Right now they log on to the domain and are a part of the network (Windows 2000 domain).  They don't need to access anything on the domain such as files or printers (though I won't be surprised if they ask for that in the future).  
Is there any way to keep their system "isolated" or quarantined somehow so that whatever problems they might bring onto their system (viruses, spyware, etc) don't compromise the security of the rest of the network? An individual firewall or something that keeps "them" separate from "us"?

Thanks...

ASKER CERTIFIED SOLUTION
mikeleebrla

maharlika

ASKER

wingatesl:

This sounds like what I want to do; please explain how to do this:
How do I change the route for the network to a non-existent IP and still have it be able to access the internet?  Also, what is meant by "give it a metric of 1"?  Are these steps done in the TCP/IP settings?

Thank you.
He is talking about using the route add command; see below:

http://www.computerhope.com/routehlp.htm
You would use the command "route add 192.168.1.0 mask 255.255.255.0 192.168.1.99 metric 1"
(192.168.1.0 = internal network, 192.168.1.99 = non-existent IP)
The reason you can still access the internet is that the default gateway is still there. We are just saying, "to connect to the internal network we have to route through this non-existent computer/router/whatever."

Shawn
You would also want to add the "-p" switch to it to make it a persistent route so it wouldn't go away after each reboot.
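
Added example, not part of the thread: a simplified model of route selection (longest matching prefix, then lowest metric) showing why the route suggested above cuts off 192.168.1.0/24 while internet traffic still leaves through the default gateway. Only the 192.168.1.99 route comes from the thread; the gateway address 192.168.1.1, the on-link route, the metric 20 values and the test destinations are assumptions.

```python
import ipaddress

# Constructed routing table for the lounge PC. Only the 192.168.1.99 route
# comes from the thread; the gateway address, the on-link route and the
# metric 20 values are assumptions for illustration.
ROUTES = [
    # (destination prefix, next hop, metric)
    ("0.0.0.0/0", "192.168.1.1", 20),       # default gateway (assumed)
    ("192.168.1.0/24", "on-link", 20),      # connected subnet (assumed)
    ("192.168.1.0/24", "192.168.1.99", 1),  # route added in the thread
]

DEAD_HOPS = {"192.168.1.99"}  # nothing answers at this address


def select_route(dest, routes=ROUTES):
    """Pick a route: longest matching prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for prefix, hop, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, metric, hop))
    if not matches:
        return None
    # Sort so the longest prefix wins, ties broken by the smallest metric.
    matches.sort(key=lambda m: (-m[0], m[1]))
    return matches[0][2]


def reachable(dest, routes=ROUTES):
    """True when the chosen next hop is something that can forward traffic."""
    hop = select_route(dest, routes)
    return hop is not None and hop not in DEAD_HOPS


if __name__ == "__main__":
    # Constructed destinations: same subnet, internet, second internal subnet.
    for dest in ("192.168.1.50", "203.0.113.10", "10.20.0.5"):
        print(dest, "->", select_route(dest), "reachable:", reachable(dest))
```

10.20.0.5 stands for a second internal subnet: it is not covered by the 192.168.1.0 route, so it still leaves via the default gateway, and each internal prefix needs its own route entry.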