• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 280
  • Last Modified:

Can i set expiration duration of a network password?

In our building (very large) we have a public wireless access in the front of the building since that's were our firewall (DMZ) lives. We have an encrypted wireless throughout the rest of the building for our staff.

Occasionally we have outside speakers who need internet access but are in a room outside the reach of teh public access point.

Can i give them temporary access to the non-public wireless network that would expire like in a day. And a password that's not the same as the staff access

Hope this made sense.
0
ronfast
Asked:
ronfast
  • 5
  • 2
1 Solution
 
ronfastI.T. DirectorAuthor Commented:
Just to clarify. . .
I have set up the default wireless access for the encrypted wireless network so the staff automatically have access to network resources (i.e. access file servers).

What I'm asking is if i can give an outside speaker only access to the internet and not the network resourses
0
 
ronfastI.T. DirectorAuthor Commented:
I know how to set a user account so it expires on a specific date in AD.
0
 
kevinhsiehCommented:
You could make the account a member of domain guests (not domain users) and also a member of a group that has access to the wireless (assuming you don't want to give Domain Guests access to the Wi-Fi. This is assuming you use NPS as the RADIUS server to authorize wireless connections.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
chakkoCommented:
What I have done at one company is that I setup a group called NoAccess and then configured explicit DENY Access for that group to all resources which I thought were important.

So, when I encounter something like your situation I create a guest account and add it to the NoAccess group.  Similarly, I can 'lockout' a user from the LAN side if needed.  (I had this requirement before where management allowed an outgoing staff person to logon to their PC and access Outlook mail, but wanted all server resources blocked).
0
 
ronfastI.T. DirectorAuthor Commented:
Thank you for the clear and concise solution. Perfect
0
 
ronfastI.T. DirectorAuthor Commented:
chakko, i don't know if you are still monitoring this question but if you are i have one more questiosn if you don't mind.
So since there is only 1 password to the encrypted wireless network i still give them this password and then just control their access in AD, right

thank you,
Ron
0
 
chakkoCommented:
That should probably work.  Their AD account can be used to deny access to Servers.

if your equipment supports the features, one option is to made another SSID on the Wireless and set that on a separate VLAN, then restrict that VLAN to only internet access.
0
 
ronfastI.T. DirectorAuthor Commented:
okay thanks again
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now