Check compliance before add to domain

Discussion in 'Active Directory' started by Vinicius Moura Santos, Apr 20, 2007.

  1. Hello, I'd like to know if exists some automatic mean able to check if a new
    domain member meets some minimum security requirements, before join to domain?
     
    Vinicius Moura Santos, Apr 20, 2007
    #1
    1. Advertisements

  2. Hello, I'd like to know if exists some automatic mean able to check if a
    Trusted End System is what you are after.

    Enterasys makes a few switches with a software add-on you can set this up. I
    don't think it's a *total* solution where if the system does not meet the
    minimum requirements, it gets updated automatically. I think it just puts
    the machine on a separate vLAN where you only have Internet access and you
    have to manually update the machine with what it needs.

    See:
    http://www.enterasys.com/solutions/secure-networks/trusted_end_system/

    hth
    DDS
     
    Danny Sanders, Apr 20, 2007
    #2
    1. Advertisements

  3. Thanks Danny, but I want to know if the computer meets the requirements
    before join it to my domain, i.e.: I'd like to know before join to my domain,
    if a computer has a registry key identifying it as my corporate computer, my
    idea is to avoid personal computers added to corporate domain.

    Vinicius
     
    Vinicius Moura Santos, Apr 20, 2007
    #3
  4. I'd like to know before join to my domain,
    1) Get management behind you and write a company policy to forbid adding
    private computers to the network.

    2) Somehow filter access to the network based on MAC addresses. Maybe at the
    switch level.

    3) By default a regular "user" can add 10 computers to the domain. Use this
    article to change that number to zero.

    4) make sure unused network jacks are disconnected at the patch panel.

    hth
    DDS
     
    Danny Sanders, Apr 20, 2007
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.