问题描述

嘿伙计们，
试图阻止用户将家用机器插入我们的公司网络。我是否有机会设置DHCP池并让IAS通过计算机组和用户组进行验证？

我已经在线阅读了文档，发现有些东西不对，我遗漏了一些东西。

Hey folks,
Trying to stop users from plugging their home machines into our corporate network.  Any chance I can setup a DHCP pool and have IAS do the verification via Computer Group and USER GROUPS?

I've read the docs online and found that something is just not right and I am missing something.

推荐答案

1. 将所有公司计算机加入域（W2K或更高版本，最好是WS03或WS08）。


2. 确保IPSEC在您的LAN上完全正常运行。


3. 限制将机器加入您的域的授权给一些值得信赖的关键人员。


4. 部署托管交换机w VLAN功能。


5. 经常扫描您的LAN以查找未经授权的MAC / IP地址。

1. Join all corporate machines to a domain (W2K or higher, preferably WS03 or WS08).
2. Make sure IPSEC is fully functional on your LAN.
3. Limit authorization to join machines to your domain to a few key trustworthy personel.
4. Deploy managed switches with VLAN capabilities.
5. Frequently scan your LAN for unauthorized MAC/IP addresses.

如果您有一个大型网络和/或者您有特别有价值的信息要在局域网上进行保护，您应该考虑雇用具有良好网络安全证书的人。

If you have a large network and/or you have particularly valuable information to protect on your LAN, you should consider hiring someone with good network security credentials.

这篇关于LAN上的MS IAS服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！