locked
guest access to internet RRS feed

  • Question

  • Ok, as it was suggested, I am asking here. :)

    Is there a way to prevent users which connect his personal laptops to workplace network, to have no access to internet.

    Something like they don't get right DNS, but only domain clients can.

    I use DHCP for IPs and clients gets servers IP 192.168.0.1 for DNS and on server DNS i have setup internets DNS.

    Point is to prevent users to connect their home laptops to our network and use torrent to download things and using FB.

    server is windows 2008 r2, ad clients are windows 7


    I never left an open problem....I search, dig and ask, until it's solved....


    • Edited by Blisk1 Friday, December 5, 2014 9:02 AM
    Friday, December 5, 2014 9:02 AM

All replies

  • Hi Blisk1,

    Based on your description, the goal is to prevent users to connect their home laptops to your network.

    You could try to deploy NAP enforcement for DHCP. Using DHCP enforcement, DHCP servers and NPS can enforce health policy when a computer attempts to lease or renew an IPv4 address. NAP can enforce health policies by inspecting and assessing the health of client computers, restricting network access when client computers are noncompliant with health policy, and remediating noncompliant client computers for unlimited network access.

    When create NAP policies with a Wizard in NPS server, to grant or deny access to groups of computers, you could add specific groups to Machine Groups, such as, domain computers.

    Checklist: Configure NAP Enforcement for DHCP

    http://technet.microsoft.com/en-us/library/cc772356(v=WS.10).aspx

    Best Regards,

    Tina


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, December 9, 2014 5:52 AM
  • thank you, but wha happend with windows deployment? Because I have setted up it and it install all from windows to office and put client to domain. If I setup NAP that won't work anymore.

    I never left an open problem....I search, dig and ask, until it's solved....

    Tuesday, December 9, 2014 7:39 AM