[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


quarantine control....

Posted on 2005-05-06
Medium Priority
Last Modified: 2011-10-03
I am trying to find a way to quarantine laptops that come in to our office and plug right into our network. I would like them to have virus software and patches before they are allowed access to the network. I've been reeding the article at:


but this seems geared to people who are connecting from outside the network. The people who would be bringing in the laptops would just come in, bypass the firewall, get a DHCP address and away they go. It also might not be possible for me restrict by groups in AD because they are logging on locally to their machines but it is still possible in some situations for them to access a couple of computers on the network.

What would be the best way to make sure these people pass certain qualifications so they don't end up bringing in a virus,etc.?
Question by:wlandymore
  • 3
  • 2
LVL 20

Expert Comment

ID: 13944918

Author Comment

ID: 13945028
so if I install IAS on a computer and then write the scripts, how can I make sure that computers who have just been plugged into the network go through the script to make sure they're up to code?

Author Comment

ID: 13945085
Also, I saw something about the 'needing to be a member of the same domain as the IAS server'. Does this mean that if the client is logging on to the local computer it will bypass the policy?
LVL 20

Accepted Solution

mkbean earned 750 total points
ID: 13946682
Here are two excellent reads on it but it looks like it is only going to apply to remote users but now i'm not sure if you can use it for users that plug into your network.

Deploying Network Access Quarantine Control, Part 1

Deploying Network Access Quarantine Control, Part 2

I'm still looking for more info though.


Author Comment

ID: 13946968
I've been playing around with it a little and if you open up IAS and then make a new policy, once you've named it, you can choose things like VPN, but there is also an Ethernet category. It seems like there might be a way but it's very vague on the subject.

thanks for the links. I'll take a look at those now and see if I can understand how to do this....

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question