Microsoft Windows Server 2003 Network Access Quarantine Control
Of all the new features that Windows Server 2003 provides, Network Access Quarantine Control is one of the least talked about and least understood. Properly understood and put into practice, however, it can be an invaluable feature for most of us.
What is Quarantine Control used for?
Network Access Quarantine Control provides the ability to enforce conditions that remote users accessing the network must meet, and ensures that they are not allowed into the corporate network until they have been checked and found to be in compliance with the defined conditions. Examples of such conditions are that computers accessing the network must have the latest Service Pack installed, must be patched with the latest updates, must have the latest virus definitions installed, must have their firewall turned on, and so on.
What really happens behind the scene?
When Network Access Quarantine Control is enabled and a user connects to the network through either a dial-up or a VPN connection, the connection is placed in quarantine after the user has been authenticated. In this mode the computer has restricted access to the internal network: only the resources listed in the quarantine filter, such as a file server or a web server holding updates, are reachable. This is done so that the remote computer can download any files it needs in order to become compliant with the conditions of the policy. If the client does not pass the compliance checks, it is never granted access to the rest of the network.
To implement Quarantine Control, some configuration is needed on the RAS server and on the remote clients. The RAS server has to be configured with a special listener (the rqs component from the W2K3 Resource Kit) and with the MS-Quarantine-IPFilter and MS-Quarantine-Session-Timeout vendor-specific attributes, which define the restricted filter and how long a client may stay quarantined before it is disconnected. In addition, a quarantine remote access policy must be created with the conditions that remote access clients have to comply with. The remote clients must be configured with a Connection Manager profile that runs a script after connecting; the script checks the configuration of the remote access client for compliance and, if the checks pass, notifies the listener on the RAS server so that the quarantine restrictions are lifted.
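As an added illustration, not from the original article or from the Resource Kit, here is a constructed post-connect compliance script of the kind a Connection Manager profile would run on the client. It assumes the Resource Kit rqc.exe notifier is on the client's PATH, that the rqs listener uses its default TCP port 7250, and that Connection Manager supplies the %ServiceName%, %TunnelRasEntry%, %Domain% and %UserName% variables; the expected Service Pack string and the script version are placeholders to adjust to your policy.

```batch
@echo off
rem Constructed example of a Connection Manager post-connect quarantine script.
rem Assumes rqc.exe (Resource Kit) is on the PATH and that the CM profile passes
rem %ServiceName%, %TunnelRasEntry%, %Domain% and %UserName% to this script.
rem Usage: quarantine_check.cmd "Service Pack 2" 7250
setlocal
set EXPECTED_SP=%~1
if "%EXPECTED_SP%"=="" set EXPECTED_SP=Service Pack 2
set RQS_PORT=%~2
if "%RQS_PORT%"=="" set RQS_PORT=7250
rem The version string must match one the rqs listener is configured to accept.
set SCRIPT_VERSION=1.0

rem Check 1: Service Pack level, read from the CSDVersion registry value.
set CSD=
for /f "tokens=2*" %%A in ('reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CSDVersion 2^>nul ^| find "CSDVersion"') do set CSD=%%B
if /i not "%CSD%"=="%EXPECTED_SP%" (
    echo Quarantine check failed: %EXPECTED_SP% required, found "%CSD%"
    goto :fail
)

rem Check 2: Windows Firewall operational mode must be Enable.
netsh firewall show opmode | find /i "Operational mode" | find /i "Enable" >nul
if errorlevel 1 (
    echo Quarantine check failed: Windows Firewall is disabled
    goto :fail
)

rem All checks passed: tell the rqs listener on the RAS server to lift the
rem quarantine filter for this connection.
rqc.exe %ServiceName% %TunnelRasEntry% %RQS_PORT% %Domain% %UserName% %SCRIPT_VERSION%
if errorlevel 1 (
    echo rqc.exe could not reach the listener; the connection stays quarantined
    goto :fail
)
echo Client is in compliance; quarantine released
endlocal
exit /b 0

:fail
echo Remediate the items above and reconnect; access remains restricted
endlocal
exit /b 1
```

A client that fails a check simply never calls rqc.exe, so it keeps only the quarantine-filtered access until the MS-Quarantine-Session-Timeout expires and the RAS server drops the connection.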
Once this is in place, you can ensure that both local and remote clients comply with the organizational IT policy, which goes a long way towards protecting your network from known security flaws. See the whitepaper for more information.