I am trying to find a way to quarantine laptops that come in to our office and plug right into our network. I would like them to have virus software and patches before they are allowed access to the network. I've been reeding the article at:
but this seems geared to people who are connecting from outside the network. The people who would be bringing in the laptops would just come in, bypass the firewall, get a DHCP address and away they go. It also might not be possible for me restrict by groups in AD because they are logging on locally to their machines but it is still possible in some situations for them to access a couple of computers on the network.
What would be the best way to make sure these people pass certain qualifications so they don't end up bringing in a virus,etc.?