Case Study 2 - Restricting Network Access To Known Computers
5. Click OK and exit the Active Directory Users and Computers interface.

On being informed that a specific PC needs to be denied access to the network, use the Active Directory Users and Computers interface to perform the following:

1. Either:
   - click on Computers in the Tree pane, or
   - if Organizational Units have been created, click on the organizational units subfolders until you reach the desired unit holding the PC.
2. Highlight the specific PC in the Details pane, and
3. Select the Network Access tab from the Properties dialog window.
   A list of rules that the operator has permission to apply will be displayed.
4. Tick the Unauthorized Computers rule.
5. Click OK and exit the Active Directory Users and Computers interface.

What Happens

The following takes place when a device connects to the network.

1. The PC connects to the network.
2. The switch sends the MAC address of the PC via RADIUS to IAS.
   a. If the PC is listed in Active Directory, and the Authorized Computers rule has been applied to the PC, IAS replies Accept and the switch enables the port.
   b. If the PC is listed in Active Directory, but either the Default Rule or the Unauthorized Computers rule is applied to the PC, IAS replies Reject and the switch disables the port.
   c. If the PC is not listed in Active Directory, IAS replies Reject and the switch disables the port.
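
The decision in cases a to c of step 2 is a default-deny lookup keyed on the MAC address, and the sketch below models it so the outcomes can be checked against a test list of devices. It is an added example, not code from the product or from this guide: the directory contents and MAC addresses are constructed, and the separator handling in canonical_mac() is an assumption, since the page does not say in which format the switch sends the MAC address.

```python
import re

ACCEPT, REJECT = "Accept", "Reject"

# Rule names as used on this page.
AUTHORIZED = "Authorized Computers"
UNAUTHORIZED = "Unauthorized Computers"
DEFAULT = "Default Rule"

# Constructed directory: canonical MAC -> rule applied to that computer object.
DIRECTORY = {
    "0011223344aa": AUTHORIZED,
    "0011223344bb": UNAUTHORIZED,
    "0011223344cc": DEFAULT,
}

_SEPARATORS = re.compile(r"[-:.]")
_CANONICAL = re.compile(r"[0-9a-f]{12}")


def canonical_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a MAC address."""
    if not isinstance(raw, str):
        return None
    mac = _SEPARATORS.sub("", raw.strip()).lower()
    return mac if _CANONICAL.fullmatch(mac) else None


def decide(raw_mac, directory=DIRECTORY):
    """Model of cases a-c: Accept only for a listed, authorized computer."""
    mac = canonical_mac(raw_mac)
    if mac is None:
        return REJECT, "malformed MAC"   # assumption: fail closed on bad input
    rule = directory.get(mac)
    if rule is None:
        return REJECT, "not listed"      # case c: not in the directory
    if rule == AUTHORIZED:
        return ACCEPT, rule              # case a: listed and authorized
    return REJECT, rule                  # case b: Default or Unauthorized rule


if __name__ == "__main__":
    for sample in ("00-11-22-33-44-AA", "0011.2233.44bb", "00:11:22:33:44:cc",
                   "00:11:22:33:44:dd", "not-a-mac"):
        print(sample, "->", decide(sample))
```

Only one of the five sample inputs is accepted; a computer object left on the Default Rule is rejected exactly like an unknown device, which is the behaviour to confirm when a newly added PC cannot get a link.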