deny ipods dhcp

45 pts.
Tags:
Active Directory
DHCP
Microsoft Windows Server 2003
Windows Server Permissions
Windows Server Security
Hi, I want to deny ipod users DHCP. W2K3 Domain with AD. Any ideas how to stop them? thanks guys.

Answer Wiki

Thanks. We'll let you know when a new response is added.

In DHCP, you could search for MAC of apple devices. Check here for Apple OUI. Ping -a will resolve machine names. Your wireless is wide open? Do you do anything as far as isolation on wireless or have a separate DHCP pool? This could help identify devices. If there are a lot it could get labor intensive, otherwise MAC filtering could be applied on case by case. Also, consider firewall/proxy to block streaming data from known sites

___________________________________________________________________________

You could always dia-allow ‘itunes.exe’ from running on your devices as well, or being installed. Having an I-pod to listen to music at work is one thing. Installing ITunes on a workstation is another.

Discuss This Question: 8  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • mshen
    I've found that an IPOD is just like another wireless client. You need to block them individually by mac address.
    27,385 pointsBadges:
    report
  • Graham00
    Thanks for the idea Mshen but, the ipods in question are in a high school setting. It would be extremely difficult to get the mac from these people. Is there a way to collect the mac from the Server?
    45 pointsBadges:
    report
  • Graham00
    Thanks Spadasoe, My APs are locked down but someone leaked the passwords. I will check out the MAC filtering & also will change passwords. thanks for your help.
    45 pointsBadges:
    report
  • mshen
    You can use MAC blocking in reverse. Allow only the specified MAC addresses to access the network. It's not an easy task getting all of the MAC addresses you need, but it will fix your problem.
    27,385 pointsBadges:
    report
  • Graham00
    Thanks Mshen, I will try that
    45 pointsBadges:
    report
  • JennyMack
    Thanks for this information, guys -- Graham00, did these suggestions help solve your problem? I'm curious about this reverse MAC address blocking concept. It does seem labor-intensive. Are there any specific indicators in the MAC address of an iPod as opposed to other devices? Also, what implication would this reverse MAC blocking have on the use of removable media like USB flash drives? Thanks, Jenny Community Manager
    4,280 pointsBadges:
    report
  • mshen
    Hello Jenny, There are no real identifiers that you can use to identify an IPOD. Here's why: The first 24-bits of a MAC address are purchased from the IEEE, so you can use this link to see the public records for MAC addresses assigned to Apple; there are several of them. Similar to being assigned an IPv4 class B address range, Apple can use use these MAC addresses as they please, so unless Apple provides us with a list of MAC ranges that they use just for IPODs, it will be hard to identify if the MAC address is an IPOD or an Apple manufactured NIC card. If Graham uses MAC blocking, he would have to keep track of USB NICs as well. Maintaining the MAC list is a simple but manual task, so there may be scripts available that can help him.
    27,385 pointsBadges:
    report
  • Graham00
    Hi Jenny, Sorry I just returned from vacation :) Due to the fact that my Access Points were comprised, I chose to re secure them. That stopped the IPods. Many thanks to everyone for their help.
    45 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following