Asked By
dgsabel
Posted on - 02/23/2012
In our company we are using a Windows 2003 server workgroup. I am wondering whether Active Directory would enable me to partition our LAN into different groups and configure each group to have different permissions to access different resources. Is there anyone out there with an idea?
Partitioning the LAN into different groups
Hi,
You cannot actually create virtual LANs in Active Directory for your network. The solution to this issue is that first of all you need to create VLANs with different subnets in your network. I hope subnetting would not be a problem for you. Anyway, I am giving an example for you here:
Suppose you have a network as 172.27.0.0 with subnet 255.255.0.0; you can make different subnets like 172.27.1.0, 172.27.2.0, 172.27.3.0 etc.
Once you have created different subnets according to your requirements, you can use the Windows Firewall Group Policy to configure different policies for different subnets. Now it would be very easy for you to allow or deny access to these different subnets as per your company policy or your requirements.
The group policy setting can be found here:
Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall
Different Firewall policies that can be set up here include:
· Windows Firewall: Protect all network connections
· Windows Firewall: Do not allow exceptions
· Windows Firewall: Define program exceptions
· Windows Firewall: Allow local program exceptions
· Windows Firewall: Allow remote administration exception
· Windows Firewall: Allow file and print sharing exception
· Windows Firewall: Allow ICMP exceptions
· Windows Firewall: Allow Remote Desktop exception
· Windows Firewall: Allow UPnP framework exception
· Windows Firewall: Prohibit notifications
· Windows Firewall: Allow logging
· Windows Firewall: Prohibit unicast response to multicast or broadcast requests
· Windows Firewall: Define port exceptions
· Windows Firewall: Allow local port exceptions
I hope this will work as a perfect solution to your problem.
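As an added example (not part of the original answer): the Python sketch below splits the 172.27.0.0/16 network from the answer into /24 subnets and checks which source addresses a set of "Define port exceptions" entries would admit, using that policy's `<Port>:<Transport>:<Scope>:<Status>:<Name>` syntax. The sample entries and function names are constructed for illustration, the evaluation is a simplified model (IPv4 only, default deny when no enabled entry matches), and it is meant for reviewing a planned policy before deploying it.

```python
import ipaddress
from itertools import islice

# Constructed sample entries in the "Define port exceptions" syntax:
#   <Port>:<Transport>:<Scope>:<Status>:<Name>
SAMPLE_EXCEPTIONS = [
    "445:TCP:172.27.1.0/24:enabled:File sharing for subnet 1",
    "3389:TCP:172.27.2.0/24,172.27.3.10:enabled:Remote Desktop",
    "80:TCP:*:disabled:Web (switched off)",
]

def split_network(network="172.27.0.0/16", new_prefix=24, count=3, skip=1):
    """Return `count` subnets of `network`, skipping the first `skip` of them."""
    subnets = ipaddress.ip_network(network).subnets(new_prefix=new_prefix)
    return list(islice(subnets, skip, skip + count))

def parse_exception(entry):
    """Split one policy entry into its five fields and validate them."""
    port, transport, scope, status, name = entry.split(":", 4)
    transport, status = transport.upper(), status.lower()
    if transport not in ("TCP", "UDP") or status not in ("enabled", "disabled"):
        raise ValueError(f"malformed entry: {entry!r}")
    return {"port": int(port), "transport": transport,
            "scope": scope, "status": status, "name": name}

def scope_allows(scope, source, local_subnet=None):
    """True if `source` matches '*', 'localsubnet', an IP or a subnet in scope."""
    addr = ipaddress.ip_address(source)
    for item in (s.strip() for s in scope.split(",")):
        if item == "*":
            return True
        if item.lower() == "localsubnet":
            if local_subnet and addr in ipaddress.ip_network(local_subnet):
                return True
            continue
        if addr in ipaddress.ip_network(item, strict=False):
            return True
    return False

def is_permitted(entries, source, port, transport="TCP"):
    """Default deny: only an enabled entry with a matching scope admits traffic."""
    for e in map(parse_exception, entries):
        if (e["status"] == "enabled" and e["port"] == port
                and e["transport"] == transport.upper()
                and scope_allows(e["scope"], source)):
            return True
    return False
```
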