Looking to lock down unknown computers from network and are internet access... for example if anyone brought a PC from home and plugged it into a HOT port. then they would get a IP address and could surf the web and are upload are just do whatever they wanted. is there anything i can do networking wise to prevent this?Danny G Guillory Jr. Twitter: @dguilloryjr Blog: http://msvenom.wordpress.com/ LinkedIn: http://www.linkedin.com/in/dannyjr

Looking to lock down unknown computers from network and are internet access... for example if anyone brought a PC from home and plugged it into a HOT port. then they would get a IP address and could surf the web and are upload are just do whatever they wanted. is there anything i can do networking wise to prevent this?Danny G Guillory Jr. Twitter: @dguilloryjr Blog: http://msvenom.wordpress.com/ LinkedIn: http://www.linkedin.com/in/dannyjr

Hello, If you want to allow access only for known computers, you can use filtering based on MAC address in your network switches / routers / firewalls. To distribute leases based on MAC addresses: http://technet.microsoft.com/en-us/library/dd759190.aspx This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer

Hi Danny, Thanks for posting here. Settings MAC address filter on DHCP server is one of deployable solution for us to achieve the goal. Meanwhile, deploying 802.1x authenticated network with the dynamic VLAN technology is also a way for us to quarantine hosts that unable pass the authentication or not meet the conditions we defined on RADIUS server into a restricted network which is isolated form our normal network but provide internet connectivity or other services . However we need also 802.1X compatible devices to support this deployment. For the detail information please refer to the introductions in the links below: Wired Networking with 802.1X Authentication http://technet.microsoft.com/en-us/network/bb545365 Configure NPS for VLANs http://technet.microsoft.com/en-us/library/cc731649(WS.10).aspx Regards, Tiger Li TechNet Subscriber Support in forum If you have any feedback on our support, please contact tnmff@microsoft.com.Tiger Li TechNet Community Support

Hi Danny, Please feel free to let us know if the information was helpful to you. Regards, Tiger Li TechNet Subscriber Support in forum If you have any feedback on our support, please contact tnmff@microsoft.com. Tiger Li TechNet Community Support