How to "isolate" a PC on the network

Posted on 2005-03-16
Medium Priority
Last Modified: 2013-12-04
I need to keep one PC on our network isolated somehow.  It's in a doctor's lounge in the hospital.  Office politics being what they are, the doctors are allowed unrestricted use of the internet, using Internet Explorer (because their stock ticker streaming broadcast doesn't work right under Firefox!).  I know it's a big security hole, but I've been told that no restrictions are to be put on it.  Right now they log on to the domain and are a part of the network (Windows 2000 domain).  They don't need to access anything on the domain such as files or printers (though I won't be surprised if they ask for that in the future).  
Is there any way to keep their system "isolated" or quarantined somehow so that whatever problems they might bring onto their system (viruses, spyware, etc) don't compromise the security of the rest of the network? An individual firewall or something that keeps "them" separate from "us"?


Question by:maharlika
LVL 25

Accepted Solution

mikeleebrla earned 500 total points
ID: 13556754
1. Remove this machine from the domain.
2. Have them log in with a local account.
3. Ideally this one computer should be connected to its own ISP connection and connect TOTALLY separate from the existing LAN.

If 3 isn't an option, put this one computer on its own segment of the router/firewall and don't allow ANY traffic to go from this computer to the rest of the LAN.
LVL 15

Assisted Solution

wingatesl earned 500 total points
ID: 13560502
Definitely remove it from the domain, make a local account. Give the computer a static IP address. On that computer, change the route for your network, say, to a nonexistent IP and give it a metric of 1. The computer will have no clue how to route any traffic on the inside network.

Author Comment

ID: 13566739

this sounds like what I want to do;  please explain how to do this:
How do I change the route for the network to a non-existent IP and still have it be able to access the internet?  Also, what is meant by "give it a metric of 1"?  Are these steps done in the TCP/IP settings?

Thank you.

LVL 25

Expert Comment

ID: 13566832
he is talking about using the route add command:  see below:

LVL 15

Expert Comment

ID: 13567604
You would use the command "route add mask metric 1"
                                                                            ^   internal network                                 ^non existent ip
The reason you can still access the internet is because the default gateway is still there. We are just saying "to connect to the internal network we have to route through this non existent computer/router/whatever".

LVL 25

Expert Comment

ID: 13567662
You would also want to add the "-p" switch to it to make it a persistent route so it wouldn't go away after each reboot.
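An added example (not part of the original thread) that models the route selection the comments above rely on: internal destinations match the added route and go to an address nobody answers on, while everything else still follows the default gateway. All addresses are constructed, the metric values are assumptions, and the lookup is a simplified model (longest prefix first, then lowest metric).

```python
import ipaddress

# Constructed addressing plan (assumption): lounge PC sits in 10.20.30.0/24,
# the rest of the hospital LAN is covered by 10.0.0.0/8.
PC_SUBNET = ipaddress.ip_network("10.20.30.0/24")
DEFAULT_GW = ipaddress.ip_address("10.20.30.1")
BLACKHOLE_GW = ipaddress.ip_address("10.20.30.254")  # unused address, nothing answers


def build_routes(blackhole_net, blackhole_gw):
    """Route table after the 'route add' from the thread: (network, gateway, metric)."""
    if blackhole_gw not in PC_SUBNET:
        # Windows refuses a gateway that is not on the interface's own subnet,
        # so the "non existent ip" has to be a free address inside that subnet.
        raise ValueError("gateway must be on-link")
    return [
        (ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GW, 10),  # default route, untouched
        (PC_SUBNET, None, 10),                                 # on-link, no gateway
        (ipaddress.ip_network(blackhole_net), blackhole_gw, 1),
    ]


def next_hop(routes, dest):
    """Pick the most specific matching route; lowest metric breaks ties."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    _, gw, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return "on-link" if gw is None else str(gw)


def classify(routes, dest):
    """Describe what happens to traffic for dest under the given route table."""
    hop = next_hop(routes, dest)
    if hop == str(BLACKHOLE_GW):
        return "blackholed"
    return "reachable directly" if hop == "on-link" else "via default gateway"


ROUTES = build_routes("10.0.0.0/8", BLACKHOLE_GW)

if __name__ == "__main__":
    # Internal host on another subnet, a neighbour on the PC's own subnet,
    # and an Internet host (documentation address).
    for dest in ("10.1.2.3", "10.20.30.77", "203.0.113.10"):
        print(dest, "->", classify(ROUTES, dest))
```

The neighbour on the PC's own subnet stays reachable because the on-link route is more specific than the added one. The route is also a setting on the PC itself that any local administrator can delete, which is why the separate firewall segment from the accepted answer is the stronger control.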

Question has a verified solution.
