Sign in with
Sign up | Sign in
Your question

client authentication

Last response: in Windows 2000/NT
Share
Anonymous
August 17, 2005 10:51:01 PM

Archived from groups: microsoft.public.win2000.security (More info?)

How to block a user from accessing the Windows 2000 Server by the MAC
address? Is there a way not to offer IP address from the DHCP server??

More about : client authentication

Anonymous
August 17, 2005 11:56:42 PM

Archived from groups: microsoft.public.win2000.security (More info?)

First you need to be aware the many nic card drivers do
allow one to set the MAC address that will be used.

You first ask about controlling access to a W2k server,
and next about controlling leasing of IPs from DHCP.
Are these two different concerns or a reexpression of
one? If one, then DHCP will offer an IP to any machine
that asks, if it has available IPs. You can reserve IPs
that are then available each only for a specific MAC,
and if all IPs in the scope are so reserved then there
are none available to MAC addresses which have not
been so provided for. This is sort of a tedious way to
get at what you are after, except in reverse.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"siumama" <siumama@discussions.microsoft.com> wrote in message
news:E3B4ED05-84AA-4AA9-8E68-25292BC1AEC7@microsoft.com...
> How to block a user from accessing the Windows 2000 Server by the MAC
> address? Is there a way not to offer IP address from the DHCP server??
Anonymous
August 18, 2005 4:35:24 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Not directly but your options could be to use mac filtering with a switch
that is capable of such, an ipsec filtering policy on the server, or better
yet an ipsec negotiation policy that requires computer authentication before
access is allowed to the server. Ipsec negotiation however can not be used
if the server is a domain controller. All of that would be controlling
access of the computer and not the user directly. To control user access you
can also use user rights such as access or deny access this computer from
the network or restrictive share/ntfs permissions. That would restrict the
user no matter what computer he was on while restricting computer access
would restrict all users on the computer. --- Steve



"siumama" <siumama@discussions.microsoft.com> wrote in message
news:E3B4ED05-84AA-4AA9-8E68-25292BC1AEC7@microsoft.com...
> How to block a user from accessing the Windows 2000 Server by the MAC
> address? Is there a way not to offer IP address from the DHCP server??
!