If you are going to a Windows 2000 active directory based network then for pure ease of administration use MS ISA server which extends the AD. You can then create an 'internet access' group and add the users you want to give inet access to. Everything else would be denied. As for the linux boxes you can authorise access by IP address but I'm not sure what you would do if you run DHCP. Hopefully someone who has done this will give that info. I've ran the ISA server with a mix of Windows, Mac, Linux and FreeBSD clients and that worked well. But in that case you were let through if you were on the internal network with an IP address of 10...* Also you gain VPN which you may have been considering.
Chris Norris -----Original Message----- From: Edward Desroches [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 02:14 To: [EMAIL PROTECTED] Subject: Restrict Network Access A quick security-basics question. =) Users on NetworkX can bring in a laptop, plug it in, and gain access to the Internet. How can you allow only users logged in with a domain account access to the Internet (not just WWW, all connectivity). The network is running Windows NT servers with Windows 2000 clients. Windows 2000 Server is going to replace NT in the future. If anyone could give an answer relating to a Linux environment as well, it would be helpful. Thanks for any help. -Ed
