Re: Network Infrastructure
- From: Paul Weterings <Paul-nospam-@syncpuls-dot-com>
- Date: Tue, 25 Mar 2008 16:58:46 +0100
This is what I understand the question to be:
"I want to restrict rogue systems to have access to servers on my network, only systems that I allow to have access should be able to 'logon to the network'."
This can be done through IPSec policies in combination with Group policies, but it's too much to explain in a simple E-Mail, hit the books! It is discussed in the 70-291 exam and even more detailed in the 70-293 MCSE exam.
/ ) Regards,
/ /_________
_|__|__) Paul Weterings
/ (O_) http://www.servercare.nl
__/ (O_)
____(O_)
Craig wrote:
When you say you do not want them to be on the network, what do you.
mean? What is it you are trying to stop? anyone can plug the cable in
a change the IP address to match the network.
In article <uoT2v0ljIHA.3940@xxxxxxxxxxxxxxxxxxxx> "Bill
Grant"<not.available@online> wrote:
I would put the DHCP server with the DNS server on a DC, rather
than with ISA.
I don't think that ISA server is what you need here. It is
designed to control how your LAN machines access the Internet, not
what happens on the LAN.
You appear to be searching for a way to control unauthorised
access to your LAN, but none of the methods you suggest will do that.
DHCP is designed to make it easier for machines to get on to the
network, not make it harder. The users would not need to know how to
configure the tcp/ip settings. DHCP would do it for them. That is
what it is for!
There is no way to control this through Active Directory. DHCP is
a very simple minded process. The client machine broadcasts on the
LAN and the DHCP server replies with an offer. Active directory is
not involved. Trying to keep people off your network using DHCP
reservations or MAC filtering is not the way to go.
"Allan M. Grafil" <agrafil@xxxxxxxxxxx> wrote in message news:%23vv9tFljIHA.4940@xxxxxxxxxxxxxxxxxxxxxxxHi Guys,
Hope Im in the right group.
Im in a stage of fixing my network. This is my current setup.
1. I have an active directory server, which is mydomain.com,
wherein also my DNS and DHCP is located.
2. My subnet is 255.255.255.0
This is my idea.
1. Have these servers: (Need suggestions on these)
a. AD Server with DNS Server - is this a good practice?
b. DHCP Server with ISA Server - is this a good practice?
Other concern:
I want my network to have access limitations. Here is a scenario.
1. In our network, only managers can use their laptop to access
our network and internet. It can be wired or wireless. Unauthorized
laptop should or must not access our network. But from the way the
network was setup, they can access it through wire. I can filter
the wireless using MAC
Address filter from the routers. But if they connect through wire
and know
how to config TCP/IP they can easily access our network. Can this
be avoided through ISA? Is there a way to filter MAC Address
through Active Directory?
Hope you can help me on this.
Thanks in advance.
Allan
- References:
- Network Infrastructure
- From: Allan M. Grafil
- Re: Network Infrastructure
- From: Bill Grant
- Re: Network Infrastructure
- From: Craig
- Network Infrastructure
- Prev by Date: Do members of the local Administrators group implicitly have these rights?
- Next by Date: Re: Updating applications on Server 2003
- Previous by thread: Re: Network Infrastructure
- Next by thread: Re: Network Infrastructure
- Index(es):
Relevant Pages
|
