Step 6: Distribute the profile to remote users

Windows Server 2003's Network Access Quarantine Control (NAQC) prevents remote users from connecting to your network with machines that aren't secure.

The profile you just created is made into an executable file that you can distribute to your remote users so that they can run it on their systems automatically, creating a profile without any intervention after that. You have several options for actually getting that executable file to your users.

You can transmit the executable file as an attachment to an e-mail message, or better yet, as a link to the executable file hosted on a web server somewhere. In the e-mail message, you can include instructions to run the file and use the new connectoids for all future remote access. You also can have the executable run as part of a logon or logoff script, but to do that, you need to either have your users log on through a dial-up connection, or wait until the mobile users return to the home network and are connected at the corporate campus to the network.

Regardless of which method you choose to initially transmit the profile installer to your users, you always should place the latest version of the profile installer on a quarantined resource somewhere, so client computers that don't pass your baselining script's compliancy checks can surf to a web site and download the latest version without compromising further the integrity of your network.


Step-by-Step Guide to Network Access Quarantine Control

 Home: Introduction
 Step 1: Learn how it works
 Step 2: Create quarantined resources
 Step 3: Write the baselining script
 Step 4: Install the listening components
 Step 5: Creating a quarantined connection profile
 Step 6: Distribute the profile to remote users
 Step 7: Configuring the quarantine policy

ABOUT THE AUTHOR:
Jonathan Hassell is author of Hardening Windows (Apress LP) and is a SearchWindowsSecurity.com site expert. Hassell is a systems administrator and IT consultant residing in Raleigh, N.C., who has extensive experience in networking technologies and Internet connectivity. He runs his own Web-hosting business, Enable Hosting. His previous book, RADIUS (O'Reilly & Associates), is a guide to implementing the RADIUS authentication protocol and overall network security.
Copyright 2006 TechTarget
This was first published in January 2006

Dig deeper on Microsoft Windows Server Provisioning

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close