Re: Assign special ipaddresses to a group
- From: "Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx>
- Date: Fri, 18 Aug 2006 16:38:45 +0200
There are quite a few firewalls out there that support groups in different
way. One that you can integrate easiest into your network and your active
directory is Microsoft's ISA Server.
--
Mike
Microsoft MVP - Windows Security
<saturnius@xxxxxxx> wrote in message
news:1155889469.879764.139330@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello Miha, Thanks again!
OK - this does not work with simple adminstrative tools....
I was thinking of having a address range for a user group to avoid IP
address conflicts. However, I will try and ask the FW vendor why the
group name does not work....
Many thanks,
Oliver
Miha Pihler [MVP] wrote:
I can recommend you ISA server which can filter users based on their
usernames and their group membership.
The problem with any other solution is that it would not really prevent
users from going to the internet while potentially causing a lot of
problems.
- if you want to make this script work it would have to be a logon script
that would change the IP address. Since logon scripts run in a security
context of a user -- user will need permissions to change IP settings --
which also means he or she can change IP settings to just about anything
and
access the internet
- you can't do this using DHCP and if the script was to assign a static
IP
address and user didn't shutdown the PC, but went on to another PC and
logged on, it would cause an IP conflict...
--
Mike
Microsoft MVP - Windows Security
<saturnius@xxxxxxx> wrote in message
news:1155855732.111172.185110@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello Mike,
users can work from different workstations... Any ideas?
Regards,
Saturnius
Miha Pihler [MVP] wrote:
What if you would configure these PCs with static IP address (if you
are
using DHCP on your LAN)? You could also make reservations on DHCP
based
on
MAC address.
Note: if users have administrative permissions on their computers then
they
will be able to change the settings (either IP or MAC address).
--
Mike
Microsoft MVP - Windows Security
<saturnius@xxxxxxx> wrote in message
news:1155821244.067115.119370@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dear all,
how can I assign to a specific Active Directory group (for example
NonInternetUsers) a specific IP address range (for example
192.168.101....111). Reason for this is that my firewall seems to
work
only with IP addresses not with the AD group name....
Thank,
Saturnius
.
- References:
- Assign special ipaddresses to a group
- From: saturnius
- Re: Assign special ipaddresses to a group
- From: Miha Pihler [MVP]
- Re: Assign special ipaddresses to a group
- From: saturnius
- Re: Assign special ipaddresses to a group
- From: Miha Pihler [MVP]
- Re: Assign special ipaddresses to a group
- From: saturnius
- Assign special ipaddresses to a group
- Prev by Date: Re: tracking users
- Next by Date: Re: Building a server machine
- Previous by thread: Re: Assign special ipaddresses to a group
- Next by thread: Re: Error 0x000000b8 (0x88406540, 0x8893adb0, 0xb3578000, 0x00000000)
- Index(es):
Relevant Pages
|
