and, in the future, NAP.
~Brian
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Saturday, February 04, 2006 9:34 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Getting better control over DHCP
Nod, thanks for the confirmation ... I
:[EMAIL PROTECTED] On Behalf Of Brian Puhl
Sent: Saturday, February 04, 2006 12:01 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Getting better control over DHCP
At Microsoft we do not use 802.1x, so if you were to walk up to a port on
our corporate network and plug in, you would get
Sent: Saturday, February 04, 2006 12:01 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Getting better control over DHCP
At Microsoft we do not use 802.1x, so if you were to walk up to a port on
our corporate network and plug in, you would get an IP and have access to
some things.
What
IT-Original Message-From: [EMAIL PROTECTED][mailto:
[EMAIL PROTECTED]] On Behalf Of Dean WellsSent: Friday, February 03, 2006 7:19 PMTo: Send - AD mailing listSubject: RE: [ActiveDir] Getting better control over DHCP
Microsoft uses 802.1x auth. I believe ... as do many.--Dean WellsMSEtechnology* Email
@mail.activedir.org
Subject: Re: [ActiveDir] Getting
better control over DHCP
Edwin, I'm sure you've noticed by now but joe and
Brian (both) have given you a really good idea of what you need to do to solve
this. As indicated, to achieve your goal of preventing any unauthorized
access to the network
PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of Brian Puhl
|Sent: Saturday, February 04, 2006 6:01 AM
|To: ActiveDir@mail.activedir.org
|Subject: RE: [ActiveDir] Getting better control over DHCP
|
|At Microsoft we do not use 802.1x, so if you were to walk up
|to a port on our corporate network
question could be more
easily answered.
Thank you again everyone.
Edwin
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Garrett
Sent: Saturday, February 04, 2006
9:55 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Getting
better control over DHCP
I'm not sure if it's the best way to do it, but you could
set your entire scope to be in one exclusion range, then assign static DHCP to
authorised MACs. After that, for added security, you could set a second scope to
give out leases outside your network range so that unauth ppl will get a
concrete solution.
But thank you very much for your reply.
Edwi
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marc A. Mapplebeck
Sent: Friday, February 03, 2006
7:38 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Getting
better control over DHCP
I'm
Of
EdwinSent: February 3, 2006 20:55To:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Getting better
control over DHCP
Assigning IPs based
off of MAC addresses would be a huge headache! Besides, just as you said
the network savvy person can easily find out the IP range if needed and assign
Youd have to go with DHCP reservations for each Mac you want to
authorize. Some of the NAC and NAP stuff thats starting to come out from
MS and Cisco is also an option to consider.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c -
312.731.3132
From:
[EMAIL PROTECTED]
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
EdwinSent: Friday, February 03, 2006 7:55 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Getting better
control over DHCP
Assigning IPs
/ad3e.htm
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Edwin
*Sent:* Friday, February 03, 2006 7:55 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* RE: [ActiveDir] Getting better control over DHCP
PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Friday, February 03, 2006 8:42 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Getting better control over DHCP
Can't this be done with ...what is MS using? Is it Ipsec and smartcard
authentication?
You go
Server Administrator
Texas Christian University
(817) 257-6971
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, February 03, 2006
7:37 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Getting
better control over DHCP
There is nothing you
03, 2006 8:42 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Getting better control over DHCP
Can't this be done with ...what is MS using? Is it Ipsec and smartcard
authentication?
You go to Redmond, stick in a rj45 and unless you have a lovely plastic
thingy with a chip you don't
@mail.activedir.org
*Subject:* RE: [ActiveDir] Getting better control over DHCP
I'm not sure if it's the best way to do it, but you could set your
entire scope to be in one exclusion range, then assign static DHCP to
authorised MACs. After that, for added security, you could set a
second scope
Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Friday, February 03, 2006 8:42 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Getting better control over DHCP
Can't this be done with ...what is MS using? Is it Ipsec and smartcard
authentication?
You go to Redmond, stick in a rj45
Title: Re: [ActiveDir] Getting better control over DHCP
I was under the impression it
was 802.1x. Your certificate is stored on the smartcard.
Cheers
Ken
From: [EMAIL PROTECTED] on
behalf of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]Sent: Sat
2/4/2006 2:25 PMTo: ActiveDir
of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
*Sent:* Sat 2/4/2006 2:25 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] Getting better control over DHCP
Actually I don't think it was as there's a security issue with 802.1x
wired connections.. (wireless no, wired there's an issue
:* Sat 2/4/2006 2:25 PM
*To:* ActiveDir@mail.activedir.org
*Subject:* Re: [ActiveDir] Getting better control over DHCP
Actually I don't think it was as there's a security issue with 802.1x
wired connections.. (wireless no, wired there's an issue that Slav and
Steve Riley have discussed)
Let me get
:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Friday, February 03, 2006 7:19 PM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Getting better control over DHCP
Microsoft uses 802.1x auth. I believe ... as do many.
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http
22 matches
Mail list logo