I would look at implementing a solution to stop them getting onto the internal network at all, or restricting them to certain areas of it. You could setup the free PacketFence (PacketFence: Home) software to isolate unwanted hosts or use the included NAP (network access protection) in Windows 2008 Server if you have it, this would get past the simple MAC address check as it looks at the system itself and checks criteria (pretty sure domain membership can be one of these)
ITidiots Episode 68: Windows 2008 Network Access Protection :: Tech Videos, Screencasts, Webinars, Techtalks, Tutorials
I do agree with the others though in that a proxy that supports AD integration would be the quickest and easiest solution.
If your switches support it then turn on port security to help prevent them plugging in with a cable- mine is set for one mac address per port so if a student pulls the patch lead and plugs in an unauthorised device it shuts the port down.
Of course that won't stop them where you have outlets where you need lots of different machines to have access (like laptops) at the front of a classroom etc
Do anyone besides the kids use your router at weekends? If not just unplug it!
Thanks for the replies guys.
I was hoping that some tweek to the system would do it - Damn !!
Tom Newton - we are trialing your school guardian at the moment !!
Unfortuntely powering off is not an option as staff use it on a weekend too
DHCP Block on Mac address might be the option, just tried on my iphone and does the job so trying with a cable now. Given the false router address.
karl - duh - I should have remembered, I spoke to you before I went on my holidays. Brain is still in Nairobi, clearly
You can still allocate a static IP address however. Thinking about it more, the solution to this problem isn't really DHCP; it's definitely the proxy side of things. They're connecting through the proxy to surf the internet. That's the students whole purpose, so re-configuring permissions or time restrictions on the proxy would be the answer.DHCP Block on Mac address might be the option, just tried on my iphone and does the job so trying with a cable now. Given the false router address.
In DHCP added the Mac address to reservations. Set the gateway in dhcp for that machine to something false. However, pc still connects via the proxy (different server) !
There are currently 1 users browsing this thread. (0 members and 1 guests)