
Securing SBS 2003 Domain

Status
Not open for further replies.

GeorgePal

MIS
Oct 14, 2002
57
GR
I want to secure my SBS 2003 domain so that when a new computer is plugged into my switch it doesn't log on to the domain automatically unless it logs in with a username and a password. Till now, if a laptop (for example) had in its settings that it belongs to the 'Workgroup' workgroup (default XP settings), it doesn't create the 'workgroup' in 'My Network Places' (hope you understand what I am talking about).
Also, I would like to know a way to view the wrong domain logons or tries to log on to the domain, but not from the 'Events' menu in Administrative Tools, because there it presents ALL logins and logoffs and it's a huge mess.
Sorry if my post is hard to understand :p
Thanks in advance for your replies
 
Protecting physical access to the network really has nothing to do with your SBS domain. Unless you stop someone from accessing the ports you are stuck there.

The laptops in question are merely advertising their presence. They are not joining your domain and the users will not be able to access any domain resources that have been configured to require domain credentials. If you have anything set up to allow Everyone access, then yes, these users would also have access. Better to replace Everyone with Authenticated Users.

Regarding the logins, you can configure logging to only log failed login attempts rather than both successful and failed. You can also filter the results if you are capturing both so your view will only show the one.

I hope you find this post helpful.

Regards,

Mark
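
The filtering described in the reply above, as an added example that is not part of the original thread: it keeps only failure-audit logon events from an exported Security log and counts them per user and workstation. The event IDs are the logon-failure IDs written by Windows Server 2003; the CSV column layout and the sample rows are constructed assumptions, not a real export.

```python
import csv
import io
from collections import Counter

# Failure-audit logon event IDs written by Windows Server 2003 (the OS under SBS 2003).
FAILED_LOGON_IDS = {
    529: "unknown user name or bad password",
    530: "logon outside permitted hours",
    531: "account disabled",
    532: "account expired",
    533: "not allowed to log on at this computer",
    534: "logon type not granted",
    535: "password expired",
    539: "account locked out",
    675: "Kerberos pre-authentication failed",
}

# Constructed sample rows; the column layout is an assumption for this example.
SAMPLE_EXPORT = """date,time,type,event_id,user,workstation
2005-03-01,08:01:12,Success Audit,528,jsmith,PC-01
2005-03-01,08:02:40,Failure Audit,529,administrator,LAPTOP-X
2005-03-01,08:02:44,Failure Audit,529,administrator,LAPTOP-X
2005-03-01,08:02:49,Failure Audit,529,administrator,LAPTOP-X
2005-03-01,08:03:05,Failure Audit,539,administrator,LAPTOP-X
2005-03-01,08:10:00,Success Audit,538,jsmith,PC-01
2005-03-01,09:15:30,Failure Audit,531,tempuser,PC-02
2005-03-01,09:20:00,Failure Audit,560,jsmith,PC-01
"""

def failed_logons(export_text):
    """Return only the failed-logon rows, each with a readable reason attached."""
    rows = []
    for row in csv.DictReader(io.StringIO(export_text)):
        event_id = int(row["event_id"])
        # Type alone is not enough: 560 is a failed object access, not a logon.
        if row["type"] == "Failure Audit" and event_id in FAILED_LOGON_IDS:
            rows.append({**row, "reason": FAILED_LOGON_IDS[event_id]})
    return rows

def summarize(rows):
    """Count failures per (user, workstation) pair, most frequent first."""
    return Counter((r["user"], r["workstation"]) for r in rows).most_common()

if __name__ == "__main__":
    for (user, workstation), count in summarize(failed_logons(SAMPLE_EXPORT)):
        print(f"{count:3d}  {user}  from {workstation}")
```
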
 
How about if someone manages to access my domain through my WiFi spot? Will he then get an IP address or use the IP address of the antenna?
 
In other words, I want to control the IPs in a way so that they are given only to computers I choose (the ones in the domain) and only have a couple for the company's laptops that are plugged into the switch.
Is that easy to do?
 
Lock down your system to be AD Integrated Dynamic DNS and configure DHCP to only issue to authenticated systems.

I hope you find this post helpful.

Regards,

Mark
 
Generally, most wireless APs can also be configured to only recognize wireless NICs that have had their MAC address (unique S/N for the NIC) entered into the access list of the AP.
 
Since this is an SBS environment, only the SBS server should be providing DHCP, otherwise SBS will shut down its own DHCP.

I hope you find this post helpful.

Regards,

Mark
 
The server is for sure managing DHCP (the router and the switch both have manually assigned IPs), but what I need to do is to 'lock' the PCs that could log on to the network, so that they could do so only if I allow them. Can this be done using their MAC addresses? And what should I select from DHCP? Scope? Reservations?
Concerning the IP addresses, will the server identify them automatically or will I have to enter each of the current computers' MAC addresses manually?
 
For the DHCP issue, you would use reservations, and you would manually configure each one.

If you're that worked up about it, disable all unused ports on your switches. Set your AP to not broadcast its SID, require WEP encryption and use MAC filtering.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)
 
Even if you have WEP configured for your wireless, and secured your DHCP, it still won't cover statically assigned NICs though.

We actually had this discussion in class back when I was taking the MCSE training. The best solution we came up with is to have the company hire security guard(s).
After all, physical connections should be physically stopped.
Imagine, if your environment was a bank, are they going to allow someone to just walk in and connect a laptop onto one of your ports? That's really out of the system admin's hands.
 
But I am not worried about physical connections, only about the ones that are done remotely over the internet or wirelessly.
 
Also, if I create reservations in DHCP it will only ensure that certain MAC addresses are assigned certain IPs, right?
How can I avoid having non-verified MAC addresses getting LAN IPs?
 
Reduce your IP Scope to only have enough addresses for the reservations.

I hope you find this post helpful.

Regards,

Mark
 