cancel
Showing results for 
Search instead for 
Did you mean: 

Preventing a particular machine from connecting.

SOLVED
Highlighted
Occasional Contributor

Preventing a particular machine from connecting.

Hi all, is there a way, with host checker or with a role mapping, to block a certain machine from connecting.

The logic is that we dont want that particular machine to be able to connect, but not the user. Only on this machine that user can not connect. It will be a flying laptop that is going to be used to god know what.

thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Valued Contributor

Re: Preventing a particular machine from connecting.

Sure - just do a host check on the MAC address and deny it if it matches.

View solution in original post

5 REPLIES 5
Highlighted
Valued Contributor

Re: Preventing a particular machine from connecting.

Sure - just do a host check on the MAC address and deny it if it matches.

View solution in original post

Highlighted
Occasional Contributor

Re: Preventing a particular machine from connecting.

Or the NETBIOS name ! Thanks, I did not look deep enough in the option.

thanks

Highlighted
New Contributor

Re: Preventing a particular machine from connecting.

MAC-Address doesn«t work in my enviroment. We have some Notebooks that will connect over 3G and W-Lan. On the 3G-Network we do not have an unique Mac-Address. Our MAC-Address is like this: 00:A0:C6:00:00:00_.

Is there another solution to prevent machines from connecting? It should be forgery_ proof.

Greets,

Marc

Highlighted
Valued Contributor

Re: Preventing a particular machine from connecting.

Well - if you can't use MAC or a NETBIOS name - you are pretty limited. Registry entries can of course be hacked. Have you considered a machine certificate - IE - work on the opposite premise and only allow approved devices onto that realm?

Highlighted
Respected Contributor

Re: Preventing a particular machine from connecting.

As muttbarker has said, you will need to use Host Checker. If this is a machine you have control over initially, you can do registry/MAC/NetBIOS/etc. Another option is to use the "file" check; you would put a file somewhere on the system, preferably as hidden as possible, and check for this in the policy and set the behavior to deny. And make sure to not list the reason string for users if they fail.