client authentication
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
How to block a user from accessing the Windows 2000 Server by the MAC
address? Is there a way not to offer IP address from the DHCP server??
How to block a user from accessing the Windows 2000 Server by the MAC
address? Is there a way not to offer IP address from the DHCP server??
More about : client authentication
Archived from groups: microsoft.public.win2000.security (More info?)
First you need to be aware the many nic card drivers do
allow one to set the MAC address that will be used.
You first ask about controlling access to a W2k server,
and next about controlling leasing of IPs from DHCP.
Are these two different concerns or a reexpression of
one? If one, then DHCP will offer an IP to any machine
that asks, if it has available IPs. You can reserve IPs
that are then available each only for a specific MAC,
and if all IPs in the scope are so reserved then there
are none available to MAC addresses which have not
been so provided for. This is sort of a tedious way to
get at what you are after, except in reverse.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"siumama" <siumama@discussions.microsoft.com> wrote in message
news:E3B4ED05-84AA-4AA9-8E68-25292BC1AEC7@microsoft.com...
> How to block a user from accessing the Windows 2000 Server by the MAC
> address? Is there a way not to offer IP address from the DHCP server??
First you need to be aware the many nic card drivers do
allow one to set the MAC address that will be used.
You first ask about controlling access to a W2k server,
and next about controlling leasing of IPs from DHCP.
Are these two different concerns or a reexpression of
one? If one, then DHCP will offer an IP to any machine
that asks, if it has available IPs. You can reserve IPs
that are then available each only for a specific MAC,
and if all IPs in the scope are so reserved then there
are none available to MAC addresses which have not
been so provided for. This is sort of a tedious way to
get at what you are after, except in reverse.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"siumama" <siumama@discussions.microsoft.com> wrote in message
news:E3B4ED05-84AA-4AA9-8E68-25292BC1AEC7@microsoft.com...
> How to block a user from accessing the Windows 2000 Server by the MAC
> address? Is there a way not to offer IP address from the DHCP server??
Archived from groups: microsoft.public.win2000.security (More info?)
Not directly but your options could be to use mac filtering with a switch
that is capable of such, an ipsec filtering policy on the server, or better
yet an ipsec negotiation policy that requires computer authentication before
access is allowed to the server. Ipsec negotiation however can not be used
if the server is a domain controller. All of that would be controlling
access of the computer and not the user directly. To control user access you
can also use user rights such as access or deny access this computer from
the network or restrictive share/ntfs permissions. That would restrict the
user no matter what computer he was on while restricting computer access
would restrict all users on the computer. --- Steve
"siumama" <siumama@discussions.microsoft.com> wrote in message
news:E3B4ED05-84AA-4AA9-8E68-25292BC1AEC7@microsoft.com...
> How to block a user from accessing the Windows 2000 Server by the MAC
> address? Is there a way not to offer IP address from the DHCP server??
Not directly but your options could be to use mac filtering with a switch
that is capable of such, an ipsec filtering policy on the server, or better
yet an ipsec negotiation policy that requires computer authentication before
access is allowed to the server. Ipsec negotiation however can not be used
if the server is a domain controller. All of that would be controlling
access of the computer and not the user directly. To control user access you
can also use user rights such as access or deny access this computer from
the network or restrictive share/ntfs permissions. That would restrict the
user no matter what computer he was on while restricting computer access
would restrict all users on the computer. --- Steve
"siumama" <siumama@discussions.microsoft.com> wrote in message
news:E3B4ED05-84AA-4AA9-8E68-25292BC1AEC7@microsoft.com...
> How to block a user from accessing the Windows 2000 Server by the MAC
> address? Is there a way not to offer IP address from the DHCP server??
Related ressources:
- ForumUsing group authentication with builtin Windows client
- ForumClient machine authentication falling back to NTLM.
- ForumPass through of Web authentication to a bridge/WAP
- ForumWindows 9x clients authentication
- ForumMulti-vendor IP camera web interface authentication bypass
- ForumHelp to Find out Which W2K DC the XP client authenticate
- ForumAny browser can support Socks5 proxy with user/password authentication
- ForumHow do you connect to the authentication server for steam
- ForumVarious Authentication Methods used by ISP's
- ForumNew Authentication process...
- Forum802.1x authentication ..
- Forum802.1x authentication issues.
- ForumParallel and com ports not appearing in device manager
- ForumC++ RADIUS client
- ForumProxy Server Authentication Vs ISA Server
- Forumcertificate authentication
- ForumEnterprise CA and RADIUS authentication
- ForumWhat makes client get 'certificate' warning pop up ?
- Forum802.1x Authentication for non-domain machines
- ForumDCOM Autho Error 529 and 681 with Default Authentication L..
- More resources
!
