+ Post New Thread
Results 1 to 9 of 9
Windows Server 2008 R2 Thread, Allowing certain devices to be authenticated in Technical; Back when I was in school, I remember something about a feature in server 2008 r2 that allowed you to ...
  1. #1
    MordyT's Avatar
    Join Date
    Sep 2012
    Location
    In a computer
    Posts
    424
    Thank Post
    43
    Thanked 68 Times in 63 Posts
    Rep Power
    19

    Allowing certain devices to be authenticated

    Back when I was in school, I remember something about a feature in server 2008 r2 that allowed you to only allow certain devices to access the network.

    Meaning if I took a random PC and plugged it into a active jack, it wouldn't allow it to access any network services/devices.

    Does anyone remember what this is called so I can do more research?

    Or is there any alternatives you would recommend?

    Also looking for a way to prevent known PCs from being able to access the network in the event a student wipes them and reinstalls a blank OS without our restrictions.

  2. #2

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,343
    Thank Post
    624
    Thanked 1,584 Times in 1,421 Posts
    Rep Power
    414
    Network Access Protection - NAP with 802.1x port security.

    Ben

  3. Thanks to plexer from:

    MordyT (15th September 2013)

  4. #3
    ADMaster's Avatar
    Join Date
    May 2012
    Posts
    325
    Thank Post
    5
    Thanked 33 Times in 28 Posts
    Rep Power
    23
    I've not used this myself but it is another NAC solution to look at.

    PacketFence: Open Source NAC (Network Access Control)

    I wish I had time to get a NAC solution going.

  5. Thanks to ADMaster from:

    MordyT (16th September 2013)

  6. #4
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,781
    Thank Post
    213
    Thanked 263 Times in 213 Posts
    Rep Power
    67
    there is a Microsoft technology that does not need switch access or new hardware. SDI (Windows Server and Domain Isolation) its built in and free. It uses IPsec to encrypt all the communication so even if a device were to get on the network it can't talk to anything!

  7. 2 Thanks to chazzy2501:

    MordyT (16th September 2013), plexer (16th September 2013)

  8. #5

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,343
    Thank Post
    624
    Thanked 1,584 Times in 1,421 Posts
    Rep Power
    414

  9. Thanks to plexer from:

    MordyT (16th September 2013)

  10. #6

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,343
    Thank Post
    624
    Thanked 1,584 Times in 1,421 Posts
    Rep Power
    414
    I guess the drawback with server and domain isolation is that any devices that wish to contact the resources must be domain joined which would rule out most tables and phones but for securing highly important subsections of a domain it's a good idea.

    Ben

  11. Thanks to plexer from:

    MordyT (16th September 2013)

  12. #7
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,781
    Thank Post
    213
    Thanked 263 Times in 213 Posts
    Rep Power
    67
    I think with SD&I you can set a no encryption perimeter setup. (Printers, Phones. etc.) This kind of setup may be desirable if you have no control over your network (Rented building with switching as part of your rental) I know of 1 school with that setup

  13. Thanks to chazzy2501 from:

    MordyT (16th September 2013)

  14. #8
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,781
    Thank Post
    213
    Thanked 263 Times in 213 Posts
    Rep Power
    67
    oh and if your going to use 802.1x then there is this useful looking software.

    Packetfence

    EDIT: ooops @ADMaster beat me too it
    Last edited by chazzy2501; 16th September 2013 at 10:48 AM.

  15. Thanks to chazzy2501 from:

    MordyT (16th September 2013)

  16. #9
    MordyT's Avatar
    Join Date
    Sep 2012
    Location
    In a computer
    Posts
    424
    Thank Post
    43
    Thanked 68 Times in 63 Posts
    Rep Power
    19
    Thanks everyone. Its either SDI or NAC... Don't remember, but think its SDI. I have my work cut out for me.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 15
    Last Post: 15th January 2012, 10:57 PM
  2. Only Allow certain Exe's to run
    By njr in forum Network and Classroom Management
    Replies: 1
    Last Post: 18th October 2010, 10:30 AM
  3. Allow active X controls to be authorised automatically by GPO
    By denon101 in forum Windows Server 2000/2003
    Replies: 2
    Last Post: 20th May 2009, 02:47 PM
  4. Replies: 3
    Last Post: 24th January 2006, 09:44 PM
  5. Only allow certain users to log on to a machine?
    By wesleyw in forum How do you do....it?
    Replies: 7
    Last Post: 16th January 2006, 11:38 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •