Certificates

  • Thread starter: Adrian

Adrian

I am wondering if there is a way to use certificates to authenticate a
computer before it is allowed to log in to the domain. Basically I want to
place a certificate on the PC and then use it along with password
authentication to allow a user to access resources on a domain. If a PC
doesn't have one, then it can't log on. Any info is appreciated.

Thanks
 
Not totally in the way you want. You can use ipsec with certificate
authentication that will not allow a computer to access another computer
unless it has an ipsec certificate. Otherwise you would need to look into
802.1x authentication which will not allow a computer access to the switch
port until it is authenticated with a computer certificate via an IAS
server. However 802.1x requires operating systems and switches that are
802.1x capable [affordable these days] and the use of a Certificate
Authority and an IAS server on the network which W2K or W2003 can all do. If
you want to read more about 802.1x see the links below. --- Steve

http://www.hp.com/rnd/pdf_html/guest_vlan_paper.htm
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx --
works almost the same for wired networks but instead of wireless access
points, 802.1x switches are used and user certificates are not required.
 
Adrian,

This is a viable solution; just know that to really do this as an all-Windows
solution, you will want to make sure that all of your workstations are
Windows XP SP1 or (much better for this) SP2. If you can't guarantee that,
then you should look at external solutions for dynamic VLANs -- Cisco has a
good one though it may be too expensive depending on your needs.

--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services


Steven L Umbach said:
Not totally in the way you want. You can use ipsec with certificate
authentication that will not allow a computer to access another computer
unless it has an ipsec certificate. Otherwise you would need to look into
802.1x authentication which will not allow a computer access to the switch
port until it is authenticated with a computer certificate via an IAS
server. However 802.1x requires operating systems and switches that are
802.1x capable [affordable these days] and the use of a Certificate
Authority and an IAS server on the network which W2K or W2003 can all do. If
you want to read more about 802.1x see the links below. --- Steve

http://www.hp.com/rnd/pdf_html/guest_vlan_paper.htm
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx --
 