+ Post New Thread
Results 1 to 9 of 9
Windows Server 2008 R2 Thread, Allowing certain devices to be authenticated in Technical; Back when I was in school, I remember something about a feature in server 2008 r2 that allowed you to ...
  1. #1
    MordyT's Avatar
    Join Date
    Sep 2012
    Location
    In a computer
    Posts
    506
    Thank Post
    44
    Thanked 75 Times in 70 Posts
    Rep Power
    22

    Allowing certain devices to be authenticated

    Back when I was in school, I remember something about a feature in server 2008 r2 that allowed you to only allow certain devices to access the network.

    Meaning if I took a random PC and plugged it into a active jack, it wouldn't allow it to access any network services/devices.

    Does anyone remember what this is called so I can do more research?

    Or is there any alternatives you would recommend?

    Also looking for a way to prevent known PCs from being able to access the network in the event a student wipes them and reinstalls a blank OS without our restrictions.

  2. #2

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,682
    Thank Post
    755
    Thanked 1,715 Times in 1,526 Posts
    Rep Power
    438
    Network Access Protection - NAP with 802.1x port security.

    Ben

  3. Thanks to plexer from:

    MordyT (15th September 2013)

  4. #3
    ADMaster's Avatar
    Join Date
    May 2012
    Posts
    355
    Thank Post
    5
    Thanked 38 Times in 33 Posts
    Rep Power
    25
    I've not used this myself but it is another NAC solution to look at.

    PacketFence: Open Source NAC (Network Access Control)

    I wish I had time to get a NAC solution going.

  5. Thanks to ADMaster from:

    MordyT (16th September 2013)

  6. #4

    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,842
    Thank Post
    219
    Thanked 271 Times in 219 Posts
    Rep Power
    69
    there is a Microsoft technology that does not need switch access or new hardware. SDI (Windows Server and Domain Isolation) its built in and free. It uses IPsec to encrypt all the communication so even if a device were to get on the network it can't talk to anything!

  7. 2 Thanks to chazzy2501:

    MordyT (16th September 2013), plexer (16th September 2013)

  8. #5

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,682
    Thank Post
    755
    Thanked 1,715 Times in 1,526 Posts
    Rep Power
    438

  9. Thanks to plexer from:

    MordyT (16th September 2013)

  10. #6

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,682
    Thank Post
    755
    Thanked 1,715 Times in 1,526 Posts
    Rep Power
    438
    I guess the drawback with server and domain isolation is that any devices that wish to contact the resources must be domain joined which would rule out most tables and phones but for securing highly important subsections of a domain it's a good idea.

    Ben

  11. Thanks to plexer from:

    MordyT (16th September 2013)

  12. #7

    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,842
    Thank Post
    219
    Thanked 271 Times in 219 Posts
    Rep Power
    69
    I think with SD&I you can set a no encryption perimeter setup. (Printers, Phones. etc.) This kind of setup may be desirable if you have no control over your network (Rented building with switching as part of your rental) I know of 1 school with that setup

  13. Thanks to chazzy2501 from:

    MordyT (16th September 2013)

  14. #8

    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,842
    Thank Post
    219
    Thanked 271 Times in 219 Posts
    Rep Power
    69
    oh and if your going to use 802.1x then there is this useful looking software.

    Packetfence

    EDIT: ooops @ADMaster beat me too it
    Last edited by chazzy2501; 16th September 2013 at 11:48 AM.

  15. Thanks to chazzy2501 from:

    MordyT (16th September 2013)

  16. #9
    MordyT's Avatar
    Join Date
    Sep 2012
    Location
    In a computer
    Posts
    506
    Thank Post
    44
    Thanked 75 Times in 70 Posts
    Rep Power
    22
    Thanks everyone. Its either SDI or NAC... Don't remember, but think its SDI. I have my work cut out for me.



SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 15
    Last Post: 15th January 2012, 11:57 PM
  2. Only Allow certain Exe's to run
    By njr in forum Network and Classroom Management
    Replies: 1
    Last Post: 18th October 2010, 11:30 AM
  3. Allow active X controls to be authorised automatically by GPO
    By denon101 in forum Windows Server 2000/2003
    Replies: 2
    Last Post: 20th May 2009, 03:47 PM
  4. Replies: 3
    Last Post: 24th January 2006, 10:44 PM
  5. Only allow certain users to log on to a machine?
    By wesleyw in forum How do you do....it?
    Replies: 7
    Last Post: 17th January 2006, 12:38 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •