One way that might work for you is to create a quarantine
network similar to what is used for VPN access. To get connected a user
has to meet certain criteria before being allowed on thetrusted network
(where a browse list could be used/modified etc). Some criteria might be a
successful
At the lower layers of the OSI stack, the only way I'm aware of to block
computers from getting an IP address is to use port-based authentication
if your network hardware supports it. As Al mentioned, quarantine
networks are becoming a more realistic solution, but don't address the
basics of DHCP.
Title: Message
MS has
an offering named Quarantine Control which can be used to control RAS clients
but this (today) does not apply to non-remote clients.
The
following article implies that plans are in motion to extend this model to
include non-remote clients although you'll need to wait
: Monday, May 16, 2005 9:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Secure DHCP
At the lower layers of the OSI stack, the only way I'm aware of to block
computers from getting an IP address is to use port-based authentication if
your network hardware supports it. As Al mentioned
Kaiser
Sent: Monday, May 16, 2005 9:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Secure DHCP
At the lower layers of the OSI stack, the only way I'm aware of to block
computers from getting an IP address is to use port-based authentication
if
your network hardware supports it. As Al
PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan DeStefano
Sent: Monday, May 16, 2005 9:59 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Secure DHCP
I thought about that, but I think it would quickly become cumbersome to
manage. Kind of defeats most of the purpose of DHCP.
Dan
