Welcome to ISAserver.org


Preventing PC's accessing the internet

Preventing PC's accessing the internet - 26.Sep.2007 12:00:00 PM   
justinwhelan

 

Posts: 4
Joined: 26.Sep.2007
Status: offline
Hi All,
 
I am attempting to prevent specific client PC's from accessing the internet through our ISA server. Our network is DHCP so each PC picks up a new address on restart so blocking via IP address isn't really the option.
 
I have created a new security group and added the computer accounts in there but users can still enter valid credentials and gain access to the internet from the blocked machine.
 
Basically people banned from the internet are able to access the internet by entering valid details at the proxy challenge box and getting away with surfing the web.
 
Any ideas would be welcome!
 
Thanks.
 
Post #: 1
RE: Preventing PC's accessing the internet - 26.Sep.2007 7:01:24 PM   
elmajdal

 

Posts: 5104
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online
quote:

Our network is DHCP so each PC picks up a new address on restart so blocking via IP address isn't really the option.


Create a Reservation in your DHCP Server.

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to justinwhelan)
Post #: 2
RE: Preventing PC's accessing the internet - 27.Sep.2007 3:11:22 AM   
justinwhelan

 

I was trying to avoid doing that. The PC's move around numerous sites which are on numerous vlans but all in the same AD forest so if I can simply add the PC's to a group then deny that group internet access it would be much simpler.

(in reply to elmajdal)
Post #: 3
RE: Preventing PC's accessing the internet - 27.Sep.2007 3:18:11 AM   
elmajdal

 

Well, you cannot authenticate computers; you can only authenticate users/groups.

quote:

Basically people banned from the internet are able to access the internet by
entering valid details at the proxy challenge box and getting away with surfing the web.


Then this should be an HR problem. People who do such acts should be warned verbally, and if it continues then they should be punished!


(in reply to justinwhelan)
Post #: 4
RE: Preventing PC's accessing the internet - 27.Sep.2007 3:50:30 AM   
justinwhelan

 

Be that as it may I still want to see whether this is possible. I don't run HR I just attempt what I am asked to attempt. I was asked to attempt to block PC's rather than users from the internet.

Edit: If you can authenticate groups, and add computer accounts into groups, then surely we can authenticate computers that way?

< Message edited by justinwhelan -- 27.Sep.2007 3:52:28 AM >

(in reply to elmajdal)
Post #: 5
RE: Preventing PC's accessing the internet - 27.Sep.2007 4:55:39 AM   
elmajdal

 

quote:

I was asked to attempt to block PC's rather than users from the internet.


You can block computers, but you will need to know their IP addresses. Maybe you can assign static IPs for these computers that you want to block, and in your DHCP server, put this range in the Exception List, so that these addresses are not assigned by DHCP to other machines.

quote:

Edit: If you can authenticate groups, and add computer accounts into groups, then surely we can authenticate computers that way?

Nope, Group of Users


(in reply to justinwhelan)
Post #: 6
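
The DHCP reservation suggested in post 2 and the IP-based block described in post 6 fit together as follows. This is an added example, not code from any poster in the thread: it validates a list of machines to block, emits one `netsh dhcp ... add reservedip` command per machine, and collapses the reserved addresses into the contiguous from/to ranges an IP-based deny rule needs. The server name, scope, host names, MACs and addresses are constructed sample values.

```python
import ipaddress
import re

# Constructed sample data: server name, scope and machines are assumptions.
DHCP_SERVER = r"\\dhcp01"
SCOPE = ipaddress.ip_network("10.1.20.0/24")
BLOCKED_PCS = [
    ("KIOSK-01", "00-11-22-33-44-01", "10.1.20.200"),
    ("KIOSK-02", "00:11:22:33:44:02", "10.1.20.201"),
    ("LAB-07", "001122334407", "10.1.20.202"),
    ("LAB-09", "00-11-22-33-44-09", "10.1.20.210"),
]

def normalize_mac(mac):
    """netsh expects 12 hex digits with no separators."""
    digits = re.sub(r"[-:.]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return digits

def validate(scope, pcs):
    """Return [(name, mac, ip)] or raise on an entry that would not work."""
    seen_macs, seen_ips, out = set(), set(), []
    for name, mac, ip_text in pcs:
        mac, ip = normalize_mac(mac), ipaddress.ip_address(ip_text)
        if ip not in scope or ip in (scope.network_address, scope.broadcast_address):
            raise ValueError(f"{name}: {ip} is not a usable address in {scope}")
        if mac in seen_macs or ip in seen_ips:
            raise ValueError(f"{name}: duplicate MAC or IP")
        seen_macs.add(mac)
        seen_ips.add(ip)
        out.append((name, mac, ip))
    return out

def reservation_commands(server, scope, entries):
    """One 'netsh dhcp ... add reservedip' line per blocked PC."""
    return [f"netsh dhcp server {server} scope {scope.network_address} "
            f"add reservedip {ip} {mac} {name}" for name, mac, ip in entries]

def address_set_ranges(entries):
    """Collapse the reserved IPs into contiguous from/to ranges."""
    ranges = []
    for ip in sorted(ip for _, _, ip in entries):
        if ranges and int(ip) == int(ranges[-1][1]) + 1:
            ranges[-1][1] = ip      # extends the current run
        else:
            ranges.append([ip, ip])  # starts a new run
    return [(str(a), str(b)) for a, b in ranges]
```

A reservation is defined per DHCP scope, so a machine that moves between VLANs needs one entry in each scope it can land in.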
RE: Preventing PC's accessing the internet - 27.Sep.2007 8:50:03 AM   
justinwhelan

 

Ok, will give up on that route then. Static IP'ing here we come...
 
Thanks

(in reply to elmajdal)
Post #: 7
