Check for Anti Virus software

[Dan]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hello,
I have a requirement that noone without A.V. software be able to logon to
my 2K3 domain and was wondering if anyone out there is doing anything like
that. I know I could do a file check via a logon script and intsall the
software if the file isn't found but that seems very NT 4 to me. Is there
any better way to do this type of thing these days? Maybe a GPO but I don't
think I've seen such a policy. I guess ideally, at logon the system would be
checked for the software, if not installed the user would be prompted to
install and if they said no they would just not get logged on to the
domain... is that possible?
Thanks,
Dan

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

You're still stuck scripting, unfortunately. In 2003, you have Network
Access Quarantine Control:
http://www.microsoft.com/windowsserver2003/techinfo/overview/quarantine.mspx,
which will perform "health checks" on computers before they're allowed to
log on.

Network Access Protection will be a big improvement on NAQC in terms of
usability, but right now that's still "in the Longhorn timeframe."


--
Laura E. Hunter
Microsoft MVP - Windows Server Networking
Author: _Active Directory Consultant's Field Guide_
(http://tinyurl.com/7f8ll)

All information provided "AS-IS", no warranties expressed or implied.
Replies to newsgroup only.


"Dan" <Dan@discussions.microsoft.com> wrote in message
news:B80C03C2-F5B4-4735-B7A4-15455C5CACAE@microsoft.com...
> Hello,
> I have a requirement that noone without A.V. software be able to logon to
> my 2K3 domain and was wondering if anyone out there is doing anything like
> that. I know I could do a file check via a logon script and intsall the
> software if the file isn't found but that seems very NT 4 to me. Is there
> any better way to do this type of thing these days? Maybe a GPO but I
> don't
> think I've seen such a policy. I guess ideally, at logon the system would
> be
> checked for the software, if not installed the user would be prompted to
> install and if they said no they would just not get logged on to the
> domain... is that possible?
> Thanks,
> Dan

 

[Dan]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thanks for the info Laura, is this only viable in remote access situations?
I'm just as concerned with computers in my office whether they be personal
employee laptops or guests on site having issues.
Thanks,
Dan

"Laura E. Hunter (MVP)" wrote:

> You're still stuck scripting, unfortunately. In 2003, you have Network
> Access Quarantine Control:
> http://www.microsoft.com/windowsserver2003/techinfo/overview/quarantine.mspx,
> which will perform "health checks" on computers before they're allowed to
> log on.
>
> Network Access Protection will be a big improvement on NAQC in terms of
> usability, but right now that's still "in the Longhorn timeframe."
>
>
> --
> Laura E. Hunter
> Microsoft MVP - Windows Server Networking
> Author: _Active Directory Consultant's Field Guide_
> (http://tinyurl.com/7f8ll)
>
> All information provided "AS-IS", no warranties expressed or implied.
> Replies to newsgroup only.
>
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:B80C03C2-F5B4-4735-B7A4-15455C5CACAE@microsoft.com...
> > Hello,
> > I have a requirement that noone without A.V. software be able to logon to
> > my 2K3 domain and was wondering if anyone out there is doing anything like
> > that. I know I could do a file check via a logon script and intsall the
> > software if the file isn't found but that seems very NT 4 to me. Is there
> > any better way to do this type of thing these days? Maybe a GPO but I
> > don't
> > think I've seen such a policy. I guess ideally, at logon the system would
> > be
> > checked for the software, if not installed the user would be prompted to
> > install and if they said no they would just not get logged on to the
> > domain... is that possible?
> > Thanks,
> > Dan
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

NAQC is just for remote access clients, yes. You might want to look at a
3rd party solution from someone like Cisco (Network Access Control) or one
of the other router shops to fill an immediate need. They can do neat stuff
like shunting even local clients off to an isolated VLAN until they can pass
whatever health checks you've stipulated. (NAQC does this now, but only for
RRAS connections.)
--
Laura E. Hunter
Microsoft MVP - Windows Server Networking
Author: _Active Directory Consultant's Field Guide_
(http://tinyurl.com/7f8ll)

All information provided "AS-IS", no warranties expressed or implied.
Replies to newsgroup only.


"Dan" <Dan@discussions.microsoft.com> wrote in message
news:F5BC5226-D4AD-451E-9F3B-83589FE36B18@microsoft.com...
> Thanks for the info Laura, is this only viable in remote access
> situations?
> I'm just as concerned with computers in my office whether they be personal
> employee laptops or guests on site having issues.
> Thanks,
> Dan
>
> "Laura E. Hunter (MVP)" wrote:
>
>> You're still stuck scripting, unfortunately. In 2003, you have Network
>> Access Quarantine Control:
>> http://www.microsoft.com/windowsserver2003/techinfo/overview/quarantine.mspx,
>> which will perform "health checks" on computers before they're allowed to
>> log on.
>>
>> Network Access Protection will be a big improvement on NAQC in terms of
>> usability, but right now that's still "in the Longhorn timeframe."
>>
>>
>> --
>> Laura E. Hunter
>> Microsoft MVP - Windows Server Networking
>> Author: _Active Directory Consultant's Field Guide_
>> (http://tinyurl.com/7f8ll)
>>
>> All information provided "AS-IS", no warranties expressed or implied.
>> Replies to newsgroup only.
>>
>>
>> "Dan" <Dan@discussions.microsoft.com> wrote in message
>> news:B80C03C2-F5B4-4735-B7A4-15455C5CACAE@microsoft.com...
>> > Hello,
>> > I have a requirement that noone without A.V. software be able to logon
>> > to
>> > my 2K3 domain and was wondering if anyone out there is doing anything
>> > like
>> > that. I know I could do a file check via a logon script and intsall
>> > the
>> > software if the file isn't found but that seems very NT 4 to me. Is
>> > there
>> > any better way to do this type of thing these days? Maybe a GPO but I
>> > don't
>> > think I've seen such a policy. I guess ideally, at logon the system
>> > would
>> > be
>> > checked for the software, if not installed the user would be prompted
>> > to
>> > install and if they said no they would just not get logged on to the
>> > domain... is that possible?
>> > Thanks,
>> > Dan
>>
>>
>>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Dan

You could write a login scirpt to do this. I know MS are working on exactly
what you need to do for RAS users and is due out in W2K3 SP1. I wouldn't
install it yet as it is only eval.

Regards

"Dan" wrote:

> Hello,
> I have a requirement that noone without A.V. software be able to logon to
> my 2K3 domain and was wondering if anyone out there is doing anything like
> that. I know I could do a file check via a logon script and intsall the
> software if the file isn't found but that seems very NT 4 to me. Is there
> any better way to do this type of thing these days? Maybe a GPO but I don't
> think I've seen such a policy. I guess ideally, at logon the system would be
> checked for the software, if not installed the user would be prompted to
> install and if they said no they would just not get logged on to the
> domain... is that possible?
> Thanks,
> Dan