Case Study 2 - Restricting Network Access To Known Computers
5 Click OK and exit the Active Directory Users and Computers interface.
On being informed that a specific PC needs to be denied access to the
network, use the Active Directory Users and Computers interface to
perform the following:
1 Either:
  click on Computers in the Tree pane, or
  if Organizational Units have been created, click on the organizational
  unit subfolders until you reach the desired unit holding the PC.
2 Highlight the specific PC in the Details pane, and right-click. Select
Properties.
3 Select the Network Access tab from the Properties dialog window.
A list of rules that the operator has permission to apply will be displayed.
4 Tick the Unauthorized Computers rule.
5 Click OK and exit the Active Directory Users and Computers interface.
What Happens
The following takes place when a device connects to the network.
1 The PC connects to the network.
2 The switch sends the MAC address of the PC via RADIUS to IAS.
a If the PC is listed in Active Directory, and the Authorized Computers
rule has been applied to the PC, IAS replies Accept and the switch
enables the port.
b If the PC is listed in Active Directory, but either the Default Rule or the
Unauthorized Computers rule is applied to the PC, IAS replies Reject
and the switch disables the port.
c If the PC is not listed in Active Directory, IAS replies Reject and the
switch disables the port.
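
The decision sequence above, modelled as an added example (not code from the product or from this guide). The directory contents, the MAC normalisation step and the handling of a malformed address are assumptions made for illustration; only the rule names and the Accept/Reject outcomes come from the text.

```python
import re

# Constructed sample directory: normalised MAC -> rule ticked on the
# computer's Network Access tab (rule names as used in this case study).
DIRECTORY = {
    "0010a4c1d2e3": "Authorized Computers",
    "0010a4c1d2e4": "Unauthorized Computers",
    "0010a4c1d2e5": "Default Rule",
}


def normalise_mac(raw):
    """Reduce common MAC notations (00-10-.., 00:10:.., 0010.a4c1..) to
    12 lowercase hex digits. Returns None if the value is not a MAC.
    Assumption: switches may report the address in differing notations."""
    digits = re.sub(r"[-:.\s]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def decide(raw_mac, directory=DIRECTORY):
    """Return (radius_reply, port_state, reason) for a reported MAC."""
    mac = normalise_mac(raw_mac)
    if mac is None:
        # Assumption: an unparseable address is treated like an unknown PC.
        return ("Reject", "disabled", "malformed MAC address")
    rule = directory.get(mac)
    if rule is None:
        # Case c: the PC is not listed in the directory.
        return ("Reject", "disabled", "not listed in directory")
    if rule == "Authorized Computers":
        # Case a: listed and explicitly authorized.
        return ("Accept", "enabled", rule)
    # Case b: listed, but Default Rule or Unauthorized Computers applies.
    return ("Reject", "disabled", rule)


if __name__ == "__main__":
    # Constructed connection attempts, one per case plus an unknown PC.
    for mac in ("00-10-A4-C1-D2-E3", "0010.a4c1.d2e4",
                "00:10:a4:c1:d2:e5", "00:10:a4:c1:d2:ff"):
        reply, port, reason = decide(mac)
        print(f"{mac:20} {reply:7} port {port:9} ({reason})")
```

Only case a enables the port: a listed PC that still carries the Default Rule is rejected exactly like one that is not listed at all.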