Is this for remote access clients? If so, read up on Network Access Quarantine here http://technet.microsoft.com/en-us/library/bb726973.aspx. In Windows 2008 we'll have Network Access Protection, that may be more of what you're looking for http://technet.microsoft.com/en-us/network/bb545879.aspx. I've never been able to come up with anything using Windows 2003 to secure our internal network like this, and we won't use Cisco products so we are anxiously waiting for Windows 2008.
------------------------------------------------- Thank you, Pete Kretche MCP, A+ Network Systems Administrator UW - Green Bay Voice: 920.465.5014 Fax: 920.465.2864 [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> From: Young Rex [mailto:[EMAIL PROTECTED] Sent: Thursday, February 07, 2008 3:23 PM To: Active Directory Admin Issues Subject: GPO for non-compliant0 XP desktops I'm trying to come up with a GPO for non-compliant desktops. Non-compliant in the sense that they have not checked into SMS, or the anti-virus is out of date. This GPO would disable certain functionality until they called into the help desk. I'm looking for settings that would impact users in a negative way to get them to call in. Any ideas? Rex Young [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ ~ ~ NEW: CounterSpy Enterprise: Centralized Antispyware - #1 in eWEEK Test! ~ ~ <http://www.sunbelt-software.com/product.cfm?id=400> ~
