Network requiring laptops to register as "safe ​computers&q​uot; in order to gain access to the n

Okay, I have an irritating problem.

My sister has a laptop. I set it up for her and gave myself administrative privileges (since I'm most likely going to be the one to fix the system and maintain it) and my sister limited privileges (because I don't want tons of junk getting on the system like kazaaa/limewire/aimOmgItsANewVersionButStillIsntSecure stuff which then I would have to clean out causing more misery for me).

A new thing at her collge requires that all external laptops/computers must "register" with the network in order to gain access to its resources and go out to the internet.

In order to register, the laptop must declare itself "secure". The registration process ends with some sort of "client assessment tool" checking the laptop to make sure it is up-to-date on windows updates, has an adequate AV solution/firewall solution, has good spyware protection, and has ping turned on.

This is indeed a good idea, however, there is a problem. In order for this tool to run, it needs to be initiated on an administrator account.

At this point I'm thinking..huh? If you truly want to safeguard your network, wouldn't the best thing to do is ensure that all users connecting to the network run with limited privileges?

Though, this registration process is a one time thing, so if I just go over and do the registration under the admin account, all should be well.


But, shouldn't IT staffs really be putting forward security initiatives that require limited privileges?


mVPstar

Hehe, I'm sure this tool looks at some of the registry keys and such to detect the software that is intended to keep it safe. It probably does so also by means of an ActiveX control. Just like linux when a program needs su rights to do anything on that level...I'm willing to bet if you walk over...register...then log off and on as her. You'll be fine.

Yes, active x control for sure.

I did walk over and register for her. Though, the registration didn't go so well.

The Tool didn't even recognize my Avast!4 AntiVirus  as an adequate AV solution. :\

(not to mention I can't update the virus definitions to deem it adequate since the stupid network wont allow me to get out to the internet to download the definitions!)

Instead, it prompted me to download a free Symantec Client AV from the network, which is all good.


Though, the install didn't work for some reason, so I have to march over back to her dorm and try it again.


mVPstar

Well, that university is pretty dense, but mine is better... the logon form for the web mail interface sends the credentials via HTTP POST.

I suggest you teach your sister how to use the Windows "runas" command (very similar to the su command on Unix/Linux). I doubt the security checking software will be a one time thing. Also, you need to teach her how to update her computer so when she does run the security checking software it succeeds. Otherwise, expect to be traveling a lot, I think.

Ed

I have been looking to set this up for our network also.  I have been waiting to Cisco Nat2 to come out first.  The issue on the AV is pretty normal, I get to set the acceptable standards that I have deemed good, some may not agree with your standards but it is my network.  I can not go out and search all dat files for every AV company so I pick the ones I have agreed to keep to the standard.  Now the issue that the client has to be installed is pretty normal but I have not seen the problem you are saying.  Have you added the school domain to the trusted sites?  This might allow the install of this client you are talking about.  At a minium you should be able to go to a non secure area like just internet not any of the school domain. 

Tommy4 wrote:

Have you added the school domain to the trusted sites?