Almost an newbie.

[Siggi og Guðrún]

Hello.

Facts:
Lan with 300 computers.
1 router. ( gateway ). DHCP
1 nt4 server.
( upgrade to windows 2000 server is not an option do to insuffent money )

Problem:
If one gets a virus the whole network is at risk and
that person distrubutes the virus 24/7 and the traffic brings the rest of
the
network down.

What i need to do is give out ip´s to every user
and then make it so that he/she can only use that ip.
( so he/she cannot just change it if i block him/her in the router )

Could Anyone help me with suggestions how i can do this.
Every advice is greatly apreaciaded.

With thanks in advance.
Sigurður Pallson.

 

[Herb Martin]

What i need to do is give out ip´s to every user

and then make it so that he/she can only use that ip.
( so he/she cannot just change it if i block him/her in the router )

One, lock down the machines (remove user's as Admins) so they
cannot even change the IP address -- use Group Policy to further
restrict their access if you cannot trust them to behave properly.

Two, consider making all client machines DHCP clients and even
giving each a "reservation" based on NIC/MAC address -- this is
a bit of administrative overhead but it meets your actual request.

Three, consider a product like ISA (Proxy server) that can require
domain machine membership (and thereby require that Group Policy
be applied) and can restrict traffic based on User privileges, IP
address and other criteria.

 

[Jack Seredyniecki]

All that + AV software - perhaps on the ISA server so that way all the
traffic gets scanned.