PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Monday, May 16, 2005 9:59 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Secure DHCP
I thought about that, but I think it would quickly become cumbersome to
manage. Kind of defeats most of the purpose of DHCP.
Dan
arlie Kaiser
Sent: Monday, May 16, 2005 9:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Secure DHCP
At the lower layers of the OSI stack, the only way I'm aware of to block
computers from getting an IP address is to use port-based authentication
if
your network hardware supports
Sent: Monday, May 16, 2005 9:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Secure DHCP
At the lower layers of the OSI stack, the only way I'm aware of to block
computers from getting an IP address is to use port-based authentication if
your network hardware supports it. As Al
Title: Message
MS has
an offering named Quarantine Control which can be used to control RAS clients
but this (today) does not apply to non-remote clients.
The
following article implies that plans are in motion to extend this model to
include non-remote clients although you'll need to wait
At the lower layers of the OSI stack, the only way I'm aware of to block
computers from getting an IP address is to use port-based authentication
if your network hardware supports it. As Al mentioned, quarantine
networks are becoming a more realistic solution, but don't address the
basics of DHCP.
One way that might work for you is to create a quarantine
network similar to what is used for VPN access. To get connected a user
has to meet certain criteria before being allowed on the trusted network
(where a browse list could be used/modified etc). Some criteria might be a
successful a