Solved

Can i set expiration duration of a network password?

Posted on 2011-09-25
8
268 Views
Last Modified: 2012-05-12
In our building (very large) we have a public wireless access in the front of the building since that's were our firewall (DMZ) lives. We have an encrypted wireless throughout the rest of the building for our staff.

Occasionally we have outside speakers who need internet access but are in a room outside the reach of teh public access point.

Can i give them temporary access to the non-public wireless network that would expire like in a day. And a password that's not the same as the staff access

Hope this made sense.
0
Comment
Question by:ronfast
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
8 Comments
 

Author Comment

by:ronfast
ID: 36595732
Just to clarify. . .
I have set up the default wireless access for the encrypted wireless network so the staff automatically have access to network resources (i.e. access file servers).

What I'm asking is if i can give an outside speaker only access to the internet and not the network resourses
0
 

Author Comment

by:ronfast
ID: 36595740
I know how to set a user account so it expires on a specific date in AD.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36597351
You could make the account a member of domain guests (not domain users) and also a member of a group that has access to the wireless (assuming you don't want to give Domain Guests access to the Wi-Fi. This is assuming you use NPS as the RADIUS server to authorize wireless connections.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 22

Accepted Solution

by:
chakko earned 500 total points
ID: 36597601
What I have done at one company is that I setup a group called NoAccess and then configured explicit DENY Access for that group to all resources which I thought were important.

So, when I encounter something like your situation I create a guest account and add it to the NoAccess group.  Similarly, I can 'lockout' a user from the LAN side if needed.  (I had this requirement before where management allowed an outgoing staff person to logon to their PC and access Outlook mail, but wanted all server resources blocked).
0
 

Author Closing Comment

by:ronfast
ID: 36600318
Thank you for the clear and concise solution. Perfect
0
 

Author Comment

by:ronfast
ID: 36943393
chakko, i don't know if you are still monitoring this question but if you are i have one more questiosn if you don't mind.
So since there is only 1 password to the encrypted wireless network i still give them this password and then just control their access in AD, right

thank you,
Ron
0
 
LVL 22

Expert Comment

by:chakko
ID: 36943683
That should probably work.  Their AD account can be used to deny access to Servers.

if your equipment supports the features, one option is to made another SSID on the Wireless and set that on a separate VLAN, then restrict that VLAN to only internet access.
0
 

Author Comment

by:ronfast
ID: 36943882
okay thanks again
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question