On 2018-06-24 14:11, Per Jessen wrote:
Carlos E. R. wrote:
On 2018-06-24 12:54, James Knott wrote:
On 06/24/2018 06:51 AM, Carlos E. R. wrote:
On that place, only authorized machines got an IP.
That's easy enough to do based on MAC address. With some DHCP servers you can create a list of MACs to allow or deny.
I know, but it was way more complex than that.
As I said, the machines had to be configured in Bios to boot only from network, never from disk. They loaded some code, and this did the auth and allowed Windows to boot properly.
I know because there was some problem, IT was very slow coming, so we attempted recovery, and set computer to boot stand alone. It booted to windows, no network, and no domain. The IT chap finally came and changed the bios to boot from network and booted. He told me the name of the protocol but that was years ago and I have forgotten.
dhcp/bootp + PXE + tftp. All very ancient stuff :-)
Yes, I know about those, but not as a very paranoid security measure. It was a windows only thing. The code that was downloaded from network for booting verified the authenticity of the computer before allowing it to boot and connect to the network. -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)