+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 26 of 26
Windows Thread, Block Student Laptops in Technical; I would look at implementing a solution to stop them getting onto the internal network at all, or restricting them ...
  1. #16

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,193
    Thank Post
    875
    Thanked 2,720 Times in 2,303 Posts
    Blog Entries
    11
    Rep Power
    781
    I would look at implementing a solution to stop them getting onto the internal network at all, or restricting them to certain areas of it. You could setup the free PacketFence (PacketFence: Home) software to isolate unwanted hosts or use the included NAP (network access protection) in Windows 2008 Server if you have it, this would get past the simple MAC address check as it looks at the system itself and checks criteria (pretty sure domain membership can be one of these)

    ITidiots Episode 68: Windows 2008 Network Access Protection :: Tech Videos, Screencasts, Webinars, Techtalks, Tutorials

    I do agree with the others though in that a proxy that supports AD integration would be the quickest and easiest solution.

  2. #17
    Arcath's Avatar
    Join Date
    Feb 2009
    Location
    Lancashire
    Posts
    972
    Thank Post
    102
    Thanked 116 Times in 101 Posts
    Rep Power
    74
    Quote Originally Posted by GrumbleDook View Post
    If you want to be horrible then you could have DHCP running but all clients are assigned a reserved IP based on MAC address, the remainder of the scope passes it to a different gateway ... one that goes nowhere.

    They get an address and gateway but it buggers them up for a bit ... just a bit of an inconvenience but every bit that is another layer of annoyance is fun.
    that wouldnt stop them setting a static IP.

    suppose you could create a "whitelist" of mac addresses in your switches but that would make installing any new equipment annoying, but would mean that at a hardware level thier laptops wouldnt be able to use the network

  3. #18

    Join Date
    Feb 2008
    Posts
    270
    Thank Post
    14
    Thanked 44 Times in 35 Posts
    Rep Power
    22
    If your switches support it then turn on port security to help prevent them plugging in with a cable- mine is set for one mac address per port so if a student pulls the patch lead and plugs in an unauthorised device it shuts the port down.

    Of course that won't stop them where you have outlets where you need lots of different machines to have access (like laptops) at the front of a classroom etc

  4. #19
    teddybear's Avatar
    Join Date
    Jan 2009
    Location
    Scotland
    Posts
    179
    Thank Post
    48
    Thanked 39 Times in 30 Posts
    Rep Power
    18
    Quote Originally Posted by ssiruuk2 View Post
    If your switches support it then turn on port security to help prevent them plugging in with a cable- mine is set for one mac address per port so if a student pulls the patch lead and plugs in an unauthorised device it shuts the port down.

    Of course that won't stop them where you have outlets where you need lots of different machines to have access (like laptops) at the front of a classroom etc
    supposing a non authorised laptop or device is used, does this not create a whole load of work for you, or can you enable the port again remotely?

  5. #20
    Vegas's Avatar
    Join Date
    Jul 2005
    Location
    Gloucestershire
    Posts
    371
    Thank Post
    19
    Thanked 38 Times in 31 Posts
    Rep Power
    30
    Do anyone besides the kids use your router at weekends? If not just unplug it!

  6. #21

    Join Date
    Apr 2007
    Location
    York
    Posts
    560
    Thank Post
    10
    Thanked 4 Times in 4 Posts
    Rep Power
    20
    Thanks for the replies guys.
    I was hoping that some tweek to the system would do it - Damn !!

    Tom Newton - we are trialing your school guardian at the moment !!

    Unfortuntely powering off is not an option as staff use it on a weekend too

  7. #22

    Join Date
    Apr 2007
    Location
    York
    Posts
    560
    Thank Post
    10
    Thanked 4 Times in 4 Posts
    Rep Power
    20
    DHCP Block on Mac address might be the option, just tried on my iphone and does the job so trying with a cable now. Given the false router address.

  8. #23


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,475
    Thank Post
    867
    Thanked 850 Times in 672 Posts
    Rep Power
    196
    karl - duh - I should have remembered, I spoke to you before I went on my holidays. Brain is still in Nairobi, clearly

  9. #24

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,572 Times in 1,252 Posts
    Rep Power
    340
    DHCP Block on Mac address might be the option, just tried on my iphone and does the job so trying with a cable now. Given the false router address.
    You can still allocate a static IP address however. Thinking about it more, the solution to this problem isn't really DHCP; it's definitely the proxy side of things. They're connecting through the proxy to surf the internet. That's the students whole purpose, so re-configuring permissions or time restrictions on the proxy would be the answer.

  10. #25

    Join Date
    Apr 2007
    Location
    York
    Posts
    560
    Thank Post
    10
    Thanked 4 Times in 4 Posts
    Rep Power
    20
    Quote Originally Posted by Michael View Post
    You can still allocate a static IP address however. Thinking about it more, the solution to this problem isn't really DHCP; it's definitely the proxy side of things. They're connecting through the proxy to surf the internet. That's the students whole purpose, so re-configuring permissions or time restrictions on the proxy would be the answer.
    Your right but the proxy we have at present doesn't allow that, plus its weekends, so the staff are using the internet too.

    Not sure the kids would be bright enough to assign static IP !! (Or i hope not)

  11. #26

    Join Date
    Apr 2007
    Location
    York
    Posts
    560
    Thank Post
    10
    Thanked 4 Times in 4 Posts
    Rep Power
    20
    HELP !!

    In DHCP added the Mac address to reservations. Set the gateway in dhcp for that machine to something false. However, pc still connects via the proxy (different server) !

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Providing wireless internet access for student laptops
    By meastaugh1 in forum How do you do....it?
    Replies: 9
    Last Post: 2nd February 2008, 02:39 PM
  2. Licenses & Student Owned Laptops
    By byron67 in forum Educational Software
    Replies: 5
    Last Post: 15th January 2008, 09:29 AM
  3. Replies: 1
    Last Post: 24th July 2007, 08:10 PM
  4. what do you do - student laptops on domain
    By e_g_r in forum School ICT Policies
    Replies: 5
    Last Post: 13th June 2007, 08:56 AM
  5. Student Laptops / Domain access...
    By Ben_Stanton in forum How do you do....it?
    Replies: 8
    Last Post: 3rd May 2007, 09:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •