RE: Stanford break in

["Victor Williams" <vbwilliams () essvote net>]

> > Authenticate with the server, but only allow access to one 
> > workstation. I've never had to do this on a large scale, is it as time 
> > consuming as it seems that it might be or are there tools that make 
> > this easier?

> I'm not sure about the degree of administrative difficulty, hopefully
someone with Windows admin experience can answer that.

The degree of difficulty to do this *in my opinion* is dependant on WHEN you
do it.  Are you doing this rolling out a completely new network?  Or, are
you trying to add/enforce this policy as an afterthought with an already
implemented network?  

It becomes more a social/personnel issue if you're doing it after the
network has been running for a while.  Getting users used to the fact that
they can't go to any PC in their department or in the enterprise and log on
as themselves is hard for them to accept unless you establish that as the
policy early and get upper management's support of the policy.  Technically,
it's not difficult to do at all...especially if you own the right
tools--anything that allows remote registry access to AD members.

 
Victor Williams 
Network Architect, RHCE #809003618508044 
Election Systems & Software 
http://www.essvote.com <http://www.essvote.com> 
vbwilliams () essvote com 
(800) 247-8683

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards