client authentication

Archived from groups: microsoft.public.win2000.security (More info?)

How to block a user from accessing the Windows 2000 Server by the MAC
address? Is there a way not to offer IP address from the DHCP server??
2 answers Last reply
More about client authentication
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    First you need to be aware the many nic card drivers do
    allow one to set the MAC address that will be used.

    You first ask about controlling access to a W2k server,
    and next about controlling leasing of IPs from DHCP.
    Are these two different concerns or a reexpression of
    one? If one, then DHCP will offer an IP to any machine
    that asks, if it has available IPs. You can reserve IPs
    that are then available each only for a specific MAC,
    and if all IPs in the scope are so reserved then there
    are none available to MAC addresses which have not
    been so provided for. This is sort of a tedious way to
    get at what you are after, except in reverse.

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
    "siumama" <siumama@discussions.microsoft.com> wrote in message
    news:E3B4ED05-84AA-4AA9-8E68-25292BC1AEC7@microsoft.com...
    > How to block a user from accessing the Windows 2000 Server by the MAC
    > address? Is there a way not to offer IP address from the DHCP server??
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Not directly but your options could be to use mac filtering with a switch
    that is capable of such, an ipsec filtering policy on the server, or better
    yet an ipsec negotiation policy that requires computer authentication before
    access is allowed to the server. Ipsec negotiation however can not be used
    if the server is a domain controller. All of that would be controlling
    access of the computer and not the user directly. To control user access you
    can also use user rights such as access or deny access this computer from
    the network or restrictive share/ntfs permissions. That would restrict the
    user no matter what computer he was on while restricting computer access
    would restrict all users on the computer. --- Steve


    "siumama" <siumama@discussions.microsoft.com> wrote in message
    news:E3B4ED05-84AA-4AA9-8E68-25292BC1AEC7@microsoft.com...
    > How to block a user from accessing the Windows 2000 Server by the MAC
    > address? Is there a way not to offer IP address from the DHCP server??
Ask a new question

Read More

Authentication Servers Windows