Hi all, is there a way, with host checker or with a role mapping, to block a certain machine from connecting.
The logic is that we dont want that particular machine to be able to connect, but not the user. Only on this machine that user can not connect. It will be a flying laptop that is going to be used to god know what.
Solved! Go to Solution.
Sure - just do a host check on the MAC address and deny it if it matches.
Or the NETBIOS name ! Thanks, I did not look deep enough in the option.
MAC-Address doesn«t work in my enviroment. We have some Notebooks that will connect over 3G and W-Lan. On the 3G-Network we do not have an unique Mac-Address. Our MAC-Address is like this: 00:A0:C6:00:00:00_.
Is there another solution to prevent machines from connecting? It should be forgery_ proof.
Well - if you can't use MAC or a NETBIOS name - you are pretty limited. Registry entries can of course be hacked. Have you considered a machine certificate - IE - work on the opposite premise and only allow approved devices onto that realm?
As muttbarker has said, you will need to use Host Checker. If this is a machine you have control over initially, you can do registry/MAC/NetBIOS/etc. Another option is to use the "file" check; you would put a file somewhere on the system, preferably as hidden as possible, and check for this in the policy and set the behavior to deny. And make sure to not list the reason string for users if they fail.