• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 270
  • Last Modified:

Laptop Secuirty in Internal Network

Hi All,

I work in a school and teachers are bringing in their laptops to my windows 2003 server network. How can I stop them from accessing the network before I have a chance to check there computers for the latest virus defs, updates, patches etc.

This is a real problem for me and I think people are unknowingly bringing viruses and other sus items into the network.

I have asked them to bring their laptops to me, but they don't, so I want to enforce locking them out or even running something that check each computer is up to date.

Please help
2 Solutions
I've some advice:
- You use DC to manage users, use Microsoft ISA Server to allow/restrict access the Internet, LAN. Config ISA for all user who logon domain can access Internet.
- If he (have laptop) use wireless connection, you can config your access point to restrict who can use.
How big is your network ? I mean, how many computers ?

JSCHSAuthor Commented:
250 computers

About 150 PC and about 100 Mac

Macs include OS 9, 10.2, 10.3 and 10.4
PCs include Windows 2000 Pro, XP Pro and XP Home

1 2000 Server running ISA 2000 for proxy and internet filtering
1 2003 Server for Domain Controller, DNS, DHCP, Fileserving
1 Mac 10.2 Server for Mac Management and Fileserving
10 Airports for wireless activity
Many points of access for users to plug laptops in
One way to go about would be to lock them based on their MAC addresses. I mean, create a dhcp reservation for all the clients with mac address specified. But I'm sure you don't wanna go this way since it involves a lot of configuration time and also whenever a network card is changed, you'll have to change the entry in the dhcp server.

There are third party softwares available I believe. But couple of considerations that can be taken are;

1. Have a strict password policy and 'Acceptance policy'. Make them understand that they are responsible for what they do/bring in.

2. A Centralized antivirus solution would be good so that the updates can be done automatically.

3. Set a standard for the laptops (minimum requirements etc.)

if they plug into a jack, how are they allowed to access your domain, without their laptops being added to your domain & them logging into it with a domain acct?

you must prevent users from being able to add pc's to your domain, & you need to setup mac filtering for authorized wireless devices only
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now