Restrict private domain computer from connecting to other networks if network cable is disconnected

1

I have two networks, private and public (internet). Each user has two computers. I want to restrict a user from switching network cables between these computers, so if he removes the private network cable and connects the public network cable, he will not be able to connect his private computer to the internet.
Both computers run Windows 7. All computers in the private network are connected to a Windows 2008 R2 domain controller and DHCP, and are connected to Symantec Endpoint Protection.

I am looking for GP or SEP settings to do this.

basel

Posted 2013-04-04T21:16:43.607

Reputation: 11

Have you considered a MAC address whitelist so only the computers that you want can join? – dashboard – 2013-04-04T21:19:10.933

I have more than 1000 computers on each network, distributed across more than 25 sites – basel – 2013-04-04T21:20:29.837

Use a MikroTik, you can do anything with those router boards... – dashboard – 2013-04-04T21:24:46.173

Answers

0

On the PRIVATECOMPUTER, find the MAC Address. On the PUBLIC DHCP server, add a reservation for his IP Address to something which you do not route.

Example:

If your PUBLIC DHCP server gives out 192.168.1.x, then add his PRIVATECOMPUTER with a reservation of 172.16.0.x without a router (you will need to add a new scope to this).

This is the best you can do without locking down from the router or MAC address pinning on a switch. This will only prevent the silliest of "hackers" from achieving their goal.

jnovack

Posted 2013-04-04T21:16:43.607

Reputation: 1 266

Some of the remote sites are connected to the internet through an ADSL router and it is out of my control. I need an easier way, using Group Policy for example. I can make changes on the private network only – basel – 2013-04-04T21:32:56.177

The simplest way is to create a GPO that pushes 127.0.0.2:88 as the proxy server for IE, and disallows the user from changing the proxy settings. Is this the right way? – basel – 2013-04-04T21:52:28.323

Like I said, if it's not on the switch or router, any "easy" solution has an "easy" workaround. With your solution, I'd add the proxy server IP as an IP address on my machine and then set up my own ssh proxy out. You have to gauge your users. – jnovack – 2013-04-05T12:59:40.740
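The DHCP reservation approach from the answer above, scaled to an inventory of private machines, as an added example that is not part of the original thread. It assumes the public DHCP server is a Windows DHCP server managed with `netsh` and that the unrouted 172.16.0.0 scope already exists on it; the host names and MAC addresses are constructed sample data.

```python
import ipaddress
import re

# Constructed sample inventory of private-network machines (name, MAC); not real hosts.
SAMPLE_INVENTORY = [
    ("PRIVPC-001", "00-1A-2B-3C-4D-5E"),
    ("PRIVPC-002", "00:1a:2b:3c:4d:5f"),
    ("PRIVPC-003", "001A.2B3C.4D60"),
    ("PRIVPC-001-dup", "001a2b3c4d5e"),  # same NIC as PRIVPC-001, other notation
    ("BADENTRY", "00-1A-2B-3C-4D"),      # only 5 octets, must be rejected
]

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a 48-bit MAC."""
    digits = re.sub(r"[-:.\s]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def build_reservations(inventory, dead_end_scope, routed_nets):
    """Give each valid, unique MAC an address in the unrouted scope.
    Returns (netsh_lines, rejected_names)."""
    scope = ipaddress.ip_network(dead_end_scope)
    for net in routed_nets:  # the dead-end scope must not touch a routed subnet
        if scope.overlaps(ipaddress.ip_network(net)):
            raise ValueError(f"{scope} overlaps routed network {net}")
    free = iter(scope.hosts())
    seen, lines, rejected = set(), [], []
    for name, raw in inventory:
        mac = normalize_mac(raw)
        # Restrict names to hostname characters so they are safe inside quotes.
        if mac is None or mac in seen or not re.fullmatch(r"[A-Za-z0-9-]+", name):
            rejected.append(name)
            continue
        ip = next(free, None)
        if ip is None:
            raise ValueError(f"{scope} is too small for the inventory")
        seen.add(mac)
        lines.append(f"netsh dhcp server scope {scope.network_address} "
                     f'add reservedip {ip} {mac} "{name}"')
    return lines, rejected

if __name__ == "__main__":
    cmds, bad = build_reservations(SAMPLE_INVENTORY, "172.16.0.0/24", ["192.168.1.0/24"])
    print("\n".join(cmds))
    print("rejected:", bad)
```
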