Laptop Secuirty in Internal Network

Hi All,

I work in a school and teachers are bringing in their laptops to my windows 2003 server network. How can I stop them from accessing the network before I have a chance to check there computers for the latest virus defs, updates, patches etc.

This is a real problem for me and I think people are unknowingly bringing viruses and other sus items into the network.

I have asked them to bring their laptops to me, but they don't, so I want to enforce locking them out or even running something that check each computer is up to date.

Please help
JSCHSAsked:
Who is Participating?
 
rsivanandanConnect With a Mentor Commented:
One way to go about would be to lock them based on their MAC addresses. I mean, create a dhcp reservation for all the clients with mac address specified. But I'm sure you don't wanna go this way since it involves a lot of configuration time and also whenever a network card is changed, you'll have to change the entry in the dhcp server.

There are third party softwares available I believe. But couple of considerations that can be taken are;

1. Have a strict password policy and 'Acceptance policy'. Make them understand that they are responsible for what they do/bring in.

2. A Centralized antivirus solution would be good so that the updates can be done automatically.

3. Set a standard for the laptops (minimum requirements etc.)

Cheers,
Rajesh
0
 
v_sharingConnect With a Mentor Commented:
I've some advice:
- You use DC to manage users, use Microsoft ISA Server to allow/restrict access the Internet, LAN. Config ISA for all user who logon domain can access Internet.
- If he (have laptop) use wireless connection, you can config your access point to restrict who can use.
0
 
rsivanandanCommented:
How big is your network ? I mean, how many computers ?

Cheers,
Rajesh
0
 
JSCHSAuthor Commented:
250 computers

About 150 PC and about 100 Mac

Macs include OS 9, 10.2, 10.3 and 10.4
PCs include Windows 2000 Pro, XP Pro and XP Home

1 2000 Server running ISA 2000 for proxy and internet filtering
1 2003 Server for Domain Controller, DNS, DHCP, Fileserving
1 Mac 10.2 Server for Mac Management and Fileserving
10 Airports for wireless activity
Many points of access for users to plug laptops in
0
 
FriarTukCommented:
if they plug into a jack, how are they allowed to access your domain, without their laptops being added to your domain & them logging into it with a domain acct?

you must prevent users from being able to add pc's to your domain, & you need to setup mac filtering for authorized wireless devices only
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.