Solved

Blocking internet access to non-domain member computers

Posted on 2006-04-03
Last Modified: 2013-12-04
Hi,

I manage a small network and I noticed the following: as long as I plug any computer into our network, it gets an IP address from our DHCP server and can access the internet. I would like to limit internet access to computers which have domain accounts only.
I know one way would be to set up MAC filtering but that would take a while and maintenance.
Is there a setting in Windows 2000 Server DHCP which will do the job? Or a policy?

Thanks
0
Question by:pascal_p

Expert Comment

by:boywaja
ID: 16366237
I don't know of anything in DHCP that could be used for that.

As you point out using HW address reservations is a management nightmare.

Microsoft is mentioning using IPsec so that only people in your domain can talk to you.
http://www.microsoft.com/downloads/info.aspx?na=22&p=18&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3d156c73a1-f9c2-41c7-b5c1-a509fb255447%26DisplayLang%3den

Others (with newer network switches) are looking at 802.1x so that your computers authenticate to the network equipment before getting on the network. That is kind of an involved project.

And of course others have the philosophy, let them on but they must meet my policy, using products like Cisco NAC or Clean Access to do that.
0
 

Accepted Solution

by:
boywaja earned 500 total points
ID: 16366264
Never mind, I was answering a question of my own making. I'd say the easiest way to block internet access to unauthorized users is to have a password-protected HTTP proxy.
0
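The per-request decision a password-protected HTTP proxy makes, as an added example that is not part of the original thread: a request without valid `Proxy-Authorization` credentials gets a 407 challenge, whether or not the machine obtained a DHCP lease. The account store, realm and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 digest, so the proxy never stores plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: one hypothetical account and realm.
SALT = b"constructed-salt"
USERS = {"alice": (SALT, hash_password("correct horse", SALT))}
REALM = "Internet access"

def gate(headers: dict) -> tuple:
    """Decide what the proxy does with one client request.

    Returns ("forward", username) when credentials are valid, otherwise
    ("challenge", response_headers) for a 407 Proxy Authentication Required.
    """
    challenge = ("challenge", {"Status": "407 Proxy Authentication Required",
                               "Proxy-Authenticate": f'Basic realm="{REALM}"'})
    # Header names are case-insensitive on the wire.
    lowered = {k.lower(): v for k, v in headers.items()}
    scheme, _, token = lowered.get("proxy-authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return challenge
    try:
        # Basic credentials are only base64-encoded, not encrypted: they are
        # readable on the client-to-proxy link unless that link is protected.
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return challenge
    user, sep, password = decoded.partition(":")
    # Hash even for unknown users so response time does not reveal valid names.
    salt, expected = USERS.get(user, (SALT, b"\x00" * 32))
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    if not sep or user not in USERS or not matches:
        return challenge
    return ("forward", user)
```

The gate authenticates users rather than machines, so it restricts web access through the proxy only; direct outbound traffic still has to be blocked at the firewall for the proxy to be the sole path out.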
 

Expert Comment

by:jedijee
ID: 16366932
Change the security permissions on iexplore.exe to include only users you want to allow internet access via IE to run it.
0
 

Author Comment

by:pascal_p
ID: 16370156
I'll accept boywaja's response as the most practical. Second response requires you having access to a non-domain member computer. If someone off the street would plug into my network (over my dead body), they would have internet access and I could not necessarily change their internet options.
It's surprising that Microsoft has not linked computer domain accounts and DHCP. Assuming network printers could be given network accounts.

Thanks everyone.
0
