We help IT Professionals succeed at work.

Small Business Server Locking down non domain joined  machines

Hi All,

Is there a way to stop non domain attached machines from getting an IP address in the SBS 2011 domain?
For example: They bring in their own laptop (or or i-phone on open wireless)  and plug it in to the system. Currently they will be able to surf the web.
How can I lock this down please?
Only domain joined machines/ users allowed. No exceptions.
Any ideas would be appreciated.
Olaf
Comment
Watch Question

Commented:
It depends on your environment, If you got manages switch you can setup vlan and setup different dhcp for example on the router or wireless access point and make separate network just only for internet use. Tell us more about your netowork
Sekar ChinnakannuStaff Engineer
BRONZE EXPERT
Commented:
You can try with reserving the IP for workstations or else u can configure DHCP scope to limit the workstations.
BRONZE EXPERT
Commented:
For wireless you could use

- MAC address filtering, bit cumbersome but would do the job
- As suggested above VLAN the network or create a seperate subnet for guest wireless access which is then locked down for internet access

Physical connections you could use

- Switch port security if you have a switch that supports it
- or seperate class id's in DHCP for your internal network so that the default class gives out IP's for a restricted subnet

I can't think of a way that wouldn't take a bit of setting up beforehand but I'm sure others may know.....

Explore More ContentExplore courses, solutions, and other research materials related to this topic.