mkmcgohan
asked on
Blocking Domain Computers from Public Wi-Fi
Quick question.. is there a way via script, registry entry, or GPO to block my laptop users from specifi Wi-Fi's around my office? We currently have a corporate encrypted wireless with radius server, authentication via GPO, etc etc, this also goes though my "Web Blocker" to aces the "bad" sites, (sports, youtube, porn..etc). The issue is they can just detach from the corporate wireless and attach to someones unencrypted, unsecured wi-fi and get too all kinds of good stuff. Im sure I can write a GPO that ONLY allows them to access my corporate wi-fi but then that pretty much makes their laptops usless outside the building.
Is there anyway I can add, like a list, of denied WI-FIs?
Thanks in advance
Is there anyway I can add, like a list, of denied WI-FIs?
Thanks in advance
Check this out:
http://www.pcworld.com/businesscenter/article/158288/block_wifi_intruders_with_a_secure_paint_job.html
They make a paint that can block wireless signals. Might be too extreme but it would block outside laptops from getting into your network and inside laptops from getting outside of your building.
Just a suggestion.
http://www.pcworld.com/businesscenter/article/158288/block_wifi_intruders_with_a_secure_paint_job.html
They make a paint that can block wireless signals. Might be too extreme but it would block outside laptops from getting into your network and inside laptops from getting outside of your building.
Just a suggestion.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sorry i re-read the question.
But I still thing your problem is when users go home / away from the office. Because no matter how you lock it down, that has to be reversed for when they get home. It seems to be very messy and may involve alot of scripting (log off / log on )
But I still thing your problem is when users go home / away from the office. Because no matter how you lock it down, that has to be reversed for when they get home. It seems to be very messy and may involve alot of scripting (log off / log on )
ASKER
Yes I think you answered your own question there naykam. At work, connected to my network and wireless I want them locked, at home or in some coffe shop they are free. Its a tough one, but I didnt think it would be so difficult. Im really trying to stay away from a VPN solution where all traffic must be tunneled to me. We are not that strick. A GPO setting stating if you authenticate to a DC (domain controller) your wireless settings are under my control and they cannot change, but if you dont authenticate to a DC you are free to choose a Wi-FI connection. Uggh I feel a long and nasty script coming....
What is your server version?
In Windows 2008 Active Directory, you can apply WMI filters to a specified group policy object.
That way you can say: (for example): if the computer cannot reach the domain controller (by using a wmi type of "ping", then remove restrictions.
In Windows 2008 Active Directory, you can apply WMI filters to a specified group policy object.
That way you can say: (for example): if the computer cannot reach the domain controller (by using a wmi type of "ping", then remove restrictions.
ASKER
This does not seem too possible without writing a nasty script.
Well, you were given "answers", however your choice in deciding not to use them does not constitute not assigning points to the Experts who offered their time and ideas to you.
This might just be me being antsy since it's almost time to go home for the day...but...
If you offer to pay me $5 to tell you how to bake a wonderfully delicious pizza, and I tell you...and then you choose NOT to pay me because you think it's going to be messy with so much sauce....that's not my fault. I told you how to bake a pizza, so i deserve the $5...it's your choice whether you follow up on it or not.
This might just be me being antsy since it's almost time to go home for the day...but...
If you offer to pay me $5 to tell you how to bake a wonderfully delicious pizza, and I tell you...and then you choose NOT to pay me because you think it's going to be messy with so much sauce....that's not my fault. I told you how to bake a pizza, so i deserve the $5...it's your choice whether you follow up on it or not.
ASKER
Well if you gave me a recipe for the pizza Id give you the $5, but if I tell you Im hungry and you tell me to eat a pizza.... A Faraday cage? Magic paint? A wonderful script?
ASKER
Did not receive a viable solution.
http://en.wikipedia.org/wiki/Faraday_cage
That's too expensive :)
You could also get some fly-screen (aluminum only though). Sort of like chicken-wire.
However, in order to do that you'd basically want to cover all the windows in your office, which isn't feasible, unless you're in a less-than-savory neighborhood.
You can't "block" someone else's signal....short of accessing their router and doing some less-than-friendly things to have it not broadcast. But that's illegal, and not good.
One of the other things i can think of, and keep in mind, i've never done this...
Create a registry hack that will change the way the wireless works on your clients to only connect to preferred networks. And then we'd have to find some way to disable the adding of networks to the preferred networks list.
So then your clients could ONLY connect to preferred networks, but couldn't add them without permission, thus leaving yours only.