Check for Anti Virus software

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello,
I have a requirement that noone without A.V. software be able to logon to
my 2K3 domain and was wondering if anyone out there is doing anything like
that. I know I could do a file check via a logon script and intsall the
software if the file isn't found but that seems very NT 4 to me. Is there
any better way to do this type of thing these days? Maybe a GPO but I don't
think I've seen such a policy. I guess ideally, at logon the system would be
checked for the software, if not installed the user would be prompted to
install and if they said no they would just not get logged on to the
domain... is that possible?
Thanks,
Dan
 
You're still stuck scripting, unfortunately. In 2003, you have Network
Access Quarantine Control:
http://www.microsoft.com/windowsserver2003/techinfo/overview/quarantine.mspx,
which will perform "health checks" on computers before they're allowed to
log on.

Network Access Protection will be a big improvement on NAQC in terms of
usability, but right now that's still "in the Longhorn timeframe."


--
Laura E. Hunter
Microsoft MVP - Windows Server Networking
Author: _Active Directory Consultant's Field Guide_
(http://tinyurl.com/7f8ll)

All information provided "AS-IS", no warranties expressed or implied.
Replies to newsgroup only.
 
Thanks for the info Laura, is this only viable in remote access situations?
I'm just as concerned with computers in my office whether they be personal
employee laptops or guests on site having issues.
Thanks,
Dan
 
You allow employees and guests to use personal systems on your network??? We
strictly prohibit this and have a formal policy written. The risks are just
too great.....
 
NAQC is just for remote access clients, yes. You might want to look at a
3rd party solution from someone like Cisco (Network Access Control) or one
of the other router shops to fill an immediate need. They can do neat stuff
like shunting even local clients off to an isolated VLAN until they can pass
whatever health checks you've stipulated. (NAQC does this now, but only for
RRAS connections.)
--
Laura E. Hunter
Microsoft MVP - Windows Server Networking
Author: _Active Directory Consultant's Field Guide_
(http://tinyurl.com/7f8ll)

All information provided "AS-IS", no warranties expressed or implied.
Replies to newsgroup only.
 
Dan

You could write a login scirpt to do this. I know MS are working on exactly
what you need to do for RAS users and is due out in W2K3 SP1. I wouldn't
install it yet as it is only eval.

Regards
 
Back
Top