You can transmit the executable file as an attachment to an e-mail message, or better yet, as a link to the executable file hosted on a web server somewhere. In the e-mail message, you can include instructions to run the file and use the new connectoids for all future remote access. You also can have the executable run as part of a logon or logoff script, but to do that, you need to either have your users log on through a dial-up connection, or wait until the mobile users return to the home network and are connected at the corporate campus to the network.
Regardless of which method you choose to initially transmit the profile installer to your users, you always should place the latest version of the profile installer on a quarantined resource somewhere, so client computers that don't pass your baselining script's compliancy checks can surf to a web site and download the latest version without compromising further the integrity of your network.
Step-by-Step Guide to Network Access Quarantine Control
Step 1: Learn how it works
Step 2: Create quarantined resources
Step 3: Write the baselining script
Step 4: Install the listening components
Step 5: Creating a quarantined connection profile
Step 6: Distribute the profile to remote users
Step 7: Configuring the quarantine policy
|ABOUT THE AUTHOR:|
Jonathan Hassell is author of Hardening Windows (Apress LP) and is a SearchWindowsSecurity.com site expert. Hassell is a systems administrator and IT consultant residing in Raleigh, N.C., who has extensive experience in networking technologies and Internet connectivity. He runs his own Web-hosting business, Enable Hosting. His previous book, RADIUS (O'Reilly & Associates), is a guide to implementing the RADIUS authentication protocol and overall network security.|
Copyright 2006 TechTarget
This was first published in January 2006