Can I only allow 1 active NIC at one time?

keeper_72

Feb 9, 2006
Does anyone know of a software app, configuration or GPO that can only allow one active network interface card at one time?

We need to stop people from having a LAN connection and a wireless connection at the same time.

We are using Win XP and McAfee Desktop Firewall. It looks like McAfee cannot stop this problem. Currently trying to get support on this from them, but little chance of them fixing their product.

I am looking for any Windows config, BIOS setting, or 3rd party apps that can stop the ability to bridge the LAN network and any wireless network.

Any help you could provide would be greatly appreciated.
 

blue68f100

Dec 25, 2005
It sounds like you have no security on your network, allowing free access. You need to configure your AP to block users from jumping ships.
 

kwebb

Oct 6, 2001
McAfee won't "Fix their product" because it isn't broken. It's not McAfee's problem.

It's not a Windows problem. It's a hardware/software management problem. A human problem.

If the laptops are company owned then disable the wireless card in the BIOS and password protect the BIOS.

There are several ways to go about doing what you want. You need to provide more details about your environment however and what exactly the problem is or it's all a guess.

Since you mentioned GPOs we can only make the assumption you're running AD in a Windows 2000 or 2003 environment. Which at least implies this is a business, perhaps a school. You control that world from the base so implementing GPOs is something that really doesn't come into play here. You dictate what you want to the employees and react accordingly if you find an alternative happening with the company's gear.

Having said all that, if the laptops are company owned I would suggest either the BIOS adjustment, assuming the wireless are internal cards, or disable XP's Wireless config service. This could be done by GPO if you like. Without that the laptop/desktop would be regulated to third party software, which assumably would need to be installed. Hopefully your users cannot install software. If they can, then there is your first order of business. Removing them from a local group that can add hardware/software.
 

keeper_72

Feb 9, 2006
What I would like to stop is having two active network cards at one time. The reason is that our software firewall doesn't implement rules at the interface level. Therefore if we have an internal LAN connection and a wireless connection by accident to someone else's network, the firewall thinks that it is internal and allows incoming traffic. I can't rely on just telling the users to not turn on their wireless when they are connected internally.

If I could find a way to only allow one active NIC then this network bridging issue goes away and the firewall will work properly again.

I do have a script that does disable wireless but I cannot find a proper trigger point to run it. Sometimes our users boot up their laptop then plug into the internal LAN, so running this script in a login script won't work that well. Does anyone know if there is a way to run this script anytime the LAN connection is plugged in?

Any help would be greatly appreciated.
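
One way to get the trigger asked about above, shown as an added example that is not part of the original thread: a watcher that runs the existing disable script both when the wired link is already up and when NDIS later reports a link-up. It assumes PowerShell 2.0 or later running elevated; the script path and the adapter name patterns are hypothetical and must be adjusted to the actual hardware.

```powershell
# Added example, not from the thread. Assumes PowerShell 2.0 or later, run elevated.
# Hypothetical values: the script path and the name patterns for the adapters.
$Config = @{
    DisableScript   = 'C:\Scripts\Disable-Wireless.cmd'   # hypothetical: your existing disable script
    WiredPattern    = 'Ethernet|Gigabit|Fast'             # assumption: text found in the wired NIC's name
    WirelessPattern = 'Wireless|802\.11|WiFi|Wi-Fi'       # assumption: text found in the wireless NIC's name
}

function Test-WiredLinkUp {
    param([hashtable]$Cfg)
    # NetConnectionStatus 2 means "Connected" in Win32_NetworkAdapter.
    $up = Get-WmiObject -Class Win32_NetworkAdapter -Filter 'NetConnectionStatus = 2' |
          Where-Object { $_.Name -match $Cfg.WiredPattern -and
                         $_.Name -notmatch $Cfg.WirelessPattern }
    return [bool]$up
}

# Case 1: the cable was already plugged in before this watcher started.
if (Test-WiredLinkUp -Cfg $Config) {
    & $Config.DisableScript
}

# Case 2: the cable is plugged in later. NDIS raises MSNdis_StatusMediaConnect
# in root\wmi when an adapter reports link-up; InstanceName is the adapter name.
Register-WmiEvent -Namespace 'root\wmi' -Class 'MSNdis_StatusMediaConnect' `
    -SourceIdentifier 'LanLinkUp' -MessageData $Config -Action {
        $cfg     = $Event.MessageData
        $adapter = $Event.SourceEventArgs.NewEvent.InstanceName
        # The wireless adapter raises the same event when it associates; ignore it.
        if ($adapter -match $cfg.WiredPattern -and
            $adapter -notmatch $cfg.WirelessPattern) {
            & $cfg.DisableScript
        }
    } | Out-Null

# Keep the session alive so the event action can fire.
while ($true) { Start-Sleep -Seconds 30 }
```

Started from a machine startup script rather than a login script, the watcher is already running when a user plugs in the cable after boot.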
 

site3op

Jan 3, 2006
Yes, how about setting up a domain that they have to log in to...

It sounds like you are running a workgroup rather than a domain:
"Sometimes our users boot up their laptop then plug into the internal Lan"

Either that or you have open shares going on (also a bad move.)

Which is it?

Who owns the laptops? The company or the users?
 

rick_001

May 9, 2006
Hi, this response is probably a bit late. However, I am investigating a product that comes with the Telstra Aircard available here in Australia. One of the component applications monitors all wireless connections including the Aircard. As soon as a connection is detected on the internal LAN port, wireless automatically disconnects and disables itself. I have no idea what the product is called or who made it, but hopefully I will be able to find the vendor and get it. We have company standards that insist on all wireless adapters being disabled when connected to the corporate network, and I have to find a way to make this happen with as little user intervention as possible. If anyone knows of this product or has found an alternative, please let me know. I'm sure many are struggling with this same issue. Regards, Richard
 

bbad999

Dec 13, 2006
Were you ever able to find this software that disabled the ethernet port when an access point was connected to over WiFi?