Posted on 05-22-2013 01:35 AM
My colleague and I were trying to figure out a way to log when our Mac client's connect to our school's wireless so that we can see (and generate reports on) how often they are bringing their MacBook's to school (hopefully everyday!). We've run into some problems with this...
Firstly we have an external JSS residing in our DMZ so that clients can connect to JSS while they're outside of our network, so we cannot use recon reports. Secondly our students connect to our internal network using a subnet 192.168.0.0/21, mostly for security reasons, which is unfortunately common among home routers meaning we cannot filter by IP alone to determine their location.
So far we have brainstormed a "dirty" solution where we trigger a script whenever the MacBook connects to a wireless network and then if the SSID is the school's SSID we manually trigger a policy which filters by; IP (inclusive 192.168.0.0/21), day of the week and time. This would give us a connection history in the policy logs, however we would not be able to create reports from this (the main reason we are looking into this matter).
So we're stuck, as we cannot store logs in the extension attribute and we cannot create reports from the policy logs.
We were wondering if anybody has encountered this problem before or if anybody has any suggestions?
Thanks,
Damien.
Posted on 05-22-2013 06:46 AM
Create a network segment which is isolated to your internal network, and create a Recon (or Dummy) policy which is restricted to this network segment. You will know they were on your network if they ran this policy.