We are trying to stop users from plugging in laptops that are not part of the domain for security reasons. Every once in a while we see a crazy workgroup name on the network. My question: Is there any way I can set up some type of alert so when this does happen I will be notified? Thanks.
Some network management products may have this facility. There are also some new technologies that might help. They are based on either requiring every computer to be scanned and pass a security review before being able to connect to the network or requiring a set of access control lists on switches and other network devices. Or they are based on preventing unauthenticated computers from accessing network resources.
In the first case, the security review can look for things like computer identity and refuse access to those not authorized. This is similar to the Network Quarantine control process available with Microsoft Windows Server 2003, but for the LAN. The user might plug the computer into a jack, but cannot access anything since the computer cannot pass the security test. This is a new technology that Microsoft is working on. Cisco has a product Secure Access Control Server for Windows that can configure access control lists on firewalls, routers, switches and so on to control access.
In the second case, IPSec policies are used on domain resource computers and require any computer to have its own certificate and authenticate before accessing resources. The user may be able to plug his computer into the network, but any attempt at accessing a network resource will be "access denied" since the computer cannot pass the security test. Desktop systems owned by your company will need appropriate certificates provided, as will servers. Microsoft has a document on how they implemented this solution, which is called Domain isolation.
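One way to turn the questioner's "alert me when a strange workgroup shows up" into a concrete check, as an added example that is not part of the original answer: it parses `nbtstat -A` style NetBIOS name tables gathered from hosts on the LAN and flags any host whose `<00> GROUP` entry (the workgroup or domain it announces) is not on an allowlist. The sample tables, IP addresses and the domain name CORPDOMAIN are constructed placeholders, and the tool that collects the tables is assumed to exist outside this script.

```python
from __future__ import annotations
import re

# One row of an "nbtstat -A <ip>" name table, e.g. "CORPDOMAIN  <00>  GROUP  Registered"
NAME_ROW = re.compile(r"^\s*(\S+)\s+<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+Registered", re.M)

def parse_name_table(text: str) -> tuple[str | None, str | None]:
    """Return (hostname, group): the <00> UNIQUE name and the <00> GROUP (workgroup/domain) name."""
    host = group = None
    for name, suffix, kind in NAME_ROW.findall(text):
        if suffix.upper() != "00":
            continue
        if kind == "UNIQUE" and host is None:
            host = name.upper()
        elif kind == "GROUP" and group is None:
            group = name.upper()
    return host, group

def find_rogue_hosts(tables: dict[str, str], allowed_groups: set[str]) -> list[tuple[str, str, str]]:
    """Return (ip, hostname, group) for each host announcing a group not in the allowlist."""
    # Hosts that publish no <00> GROUP entry (no NetBIOS answer at all) are skipped, not flagged.
    allowed = {g.upper() for g in allowed_groups}
    rogue = []
    for ip, text in tables.items():
        host, group = parse_name_table(text)
        if group is not None and group not in allowed:
            rogue.append((ip, host or "?", group))
    return rogue

def alert_lines(rogue: list[tuple[str, str, str]]) -> list[str]:
    """Format one alert line per rogue host, ready to log or mail to an administrator."""
    return [f"ALERT: {ip} ({host}) announces workgroup/domain {group}" for ip, host, group in rogue]

# Constructed sample name tables (not real captures); CORPDOMAIN is the placeholder domain name.
SAMPLES = {
    "10.0.0.12": """\
    WS-FINANCE-07  <00>  UNIQUE      Registered
    CORPDOMAIN     <00>  GROUP       Registered
    WS-FINANCE-07  <20>  UNIQUE      Registered
    MAC Address = 00-00-00-00-00-01
""",
    "10.0.0.57": """\
    LAPTOP-BOB     <00>  UNIQUE      Registered
    MSHOME         <00>  GROUP       Registered
""",
    "10.0.0.99": "Host not found.",
}

if __name__ == "__main__":
    print("\n".join(alert_lines(find_rogue_hosts(SAMPLES, {"CORPDOMAIN"}))))
```

Run on a scheduled basis against the current address range, this yields one alert line per host announcing a workgroup outside the allowlist; hosts that never answer NetBIOS queries still need the IPSec-based isolation the answer describes.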
This was first published in September 2004