Using Macbook pro when I'm not supposed to in windows world

Discussion in 'Mac OS X Server, Xserve, and Networking' started by fibrizo, Jul 22, 2010.

  1. macrumors 6502

    fibrizo

    Joined:
    Jan 23, 2009
    #1
    I apologize in advance if this isn't the right place for this topic.

    Anyways at work, they do not allow Macs, only IT approved PCs. While it is against protocol, I just added a wireless router to the network jack that one of the PCs was connected to, and I connected my Mac wirelessly and could use the internet and do work as I saw fit.

    I know that it's against IT policies, if you plan to just lecture me, I already know lol.

    The issue I'm having is that recently they've upgraded the internet security on the network. So if I sign in on the Windows PC (network login), the internet on that PC works fine (it's connected to the router that gives me wifi). When I connect my Mac to the ethernet line or via wifi, I can't access the internet, but I can load up intranet pages just fine, so it's connected to the network and can get access, but can't connect to the actual internet. It's the same with another Windows PC that has a generic login (not to network): it will access the intranet but not the internet.

    I suspect I need to authenticate somewhere with my user name and password, but I have no idea where to start.

    Is what I am wanting to do impossible?
     
  2. macrumors 601

    Joined:
    Aug 15, 2005
    #2
    There are so many things that could cause this; it's impossible to troubleshoot without intimate knowledge of the network.

    You should really concentrate on just using your approved equipment.
     
  3. Guest

    InfoSecmgr

    Joined:
    Dec 31, 2009
    Location:
    Ypsilanti, Michigan
    #3
    I'm not trying to lecture you, but as a tech manager and IAM (information assurance manager) I can tell you that they will find the rogue wireless point at some time in the near future. I understand that IT departments often have BS rules, etc etc. I would just try to find a solution that doesn't involve wireless. However, you are playing in a dangerous area where you can be terminated. Companies don't like having unauthorized IS's (information systems) in their buildings. People like to launch attacks that way. Anyway, companies usually control network access by MAC address; you wouldn't be able to log on anyway, even if you had a username and password.

    Of course being an IAM I don't officially endorse trying to bypass the rules, etc ;)
     
  4. macrumors member

    Joined:
    Jul 21, 2010
    #4
    Your IT department most probably started using MAC (Media access control) address authentication to enable only trusted PCs to access the internet. As every networking device has a MAC address that's unique to them, there is not much to do unless you find a way to imitate the MAC address of your PC on your Mac. If you can find a way to do it, a new problem will arise, which is your PC and Mac cannot coexist on the same network.
     
  5. macrumors regular

    Joined:
    Jul 5, 2010
    Location:
    Virginia, US
    #5
    Maybe there's a network proxy?

    I know my new work requires one to view external pages (my old work had direct internet access, so no silly proxies or routing).
     
  6. thread starter macrumors 6502

    fibrizo

    Joined:
    Jan 23, 2009
    #6
    I'm actually pretty sure they do not. Simply because the 2 computers in the back (which had not been updated properly to sign onto the windows network) can't get internet access either, but can access the intranet.

    Also if I connect my MacBook right to an ethernet jack, it hands me an IP normally and I can access the intranet web pages, but not things offsite. Also the router is cloning the MAC of a working PC that it is connected to, and it makes no difference. There may be something regarding a proxy I have to authenticate to however. Any idea where I might check on the working Windows PCs to find out?

    If it was MAC filtering, I should be able to connect and get an IP, right? (as far as my rudimentary understanding goes)

    Thanks for the help/info so far guys. Any other ideas?
     
  7. thread starter macrumors 6502

    fibrizo

    Joined:
    Jan 23, 2009
    #7
    Hehe, I would love to have a competent IT guy like you. Ours are unfortunately... well let's just say not the brightest bulbs.

    Thank you for the concern though, even if I could run a Cat5 cable into the room to use it, (old old building built around 1890s-1900...) I still have the same issue as currently. i.e. I connect to the network but I can't get internet access even though it assigns me an IP and I can access intranet websites... because I need to figure out where I need to authenticate to get to the internet.

    I'm rather skeptical they would terminate me, rather just be annoyed and report me to my superiors (who feel the same way about the IT people... who incidentally got upset when we purchased (with our own personal funds) our own more reliable printer and installed it... because they had to come by to bolt it down lol)
     
  8. macrumors 68030

    Les Kern

    Joined:
    Apr 26, 2002
    Location:
    Alabama
    #8
    Don't be surprised if you are out of work after they find out. I'm an IT director, and you would be gone before your hard drive spun down to a stop. Brutal, but honest.
     
  9. macrumors 601

    Joined:
    Aug 15, 2005
    #9
    Same here. We had someone bring down an entire building due to them recabling at their desk.

    Again, I say just use the equipment you are approved to use. If you don't like it, quit and find a job that lets you use a Mac.
     
  10. macrumors regular

    CorporateFelon

    Joined:
    Oct 26, 2007
    Location:
    Boston, MA
    #10
    Is your network that fragile?
     
  11. macrumors 6502a

    Frosties

    Joined:
    Jun 12, 2009
    Location:
    Sweden
    #11
    Macs pollute Windows networks with files every time you open something in Finder. You are on a countdown. And opening up the entire network with your wireless access point is just that: a reason to be terminated. I know I would kick you out.
     
  12. macrumors 601

    Joined:
    Aug 15, 2005
    #12
    All networks are that fragile. Sure you can put in some preventative measures and we have, but sometimes things slip through. Also when you inherit a network that you don't fully control, things happen.
     
  13. thread starter macrumors 6502

    fibrizo

    Joined:
    Jan 23, 2009
    #13
    Well it's really no big deal. I can always Wimax it to do whatever I need to do anyways. I was just wondering, and hoping to gain a better understanding.

    Again, I have stated before, it doesn't quite work like it does in the real world for business. I'm actually hoping that with the merger we get real IT people working on the stuff, as the other campus I'm on actually has wireless, real security, and uses Macs as well. (That entity is in the process of taking over operations). Thanks for all your concern.

    If they really want to be concerned about security breaches, they'd actually set up the computers so all the dang secretaries couldn't download random crap and 100x toolbars that load on malware onto the computers and networks :)
     
  14. macrumors newbie

    jdstelljes

    Joined:
    Jul 12, 2008
    Location:
    Las Vegas, NV
    #14
    If adding 1 Mac to an office network can take down the whole network then I would say the IT moron should be fired, not the guy who plugged in a Mac. I hear so much ridiculous tripe from IT people, it's astounding how un-real world they are, and that any business can run efficiently with some of these stupid rules.
     
  15. macrumors member

    Joined:
    Sep 29, 2005
    Location:
    UK
    #15
    That would be my guess. Check your Internet Settings on your work machine for a proxy server or PAC file (it is probably being applied by GPO). You should then be able to add the correct proxy/port on your Mac.

    This is however a complete guess and without additional information regarding your work's network it is impossible to be accurate.
     
  16. macrumors 603

    Joined:
    Aug 15, 2001
    Location:
    The Cool Part of CA, USA
    #16
    Actually, I'm pretty sure people were saying that doing bad, unauthorized things to get around network restrictions can bring down a network, not a Mac specifically. While a Mac may be secure, if the connected device is not, or if it opens a point of attack inside the firewall, it could at the very least flood the network with traffic or max out the Internet uplink, if not try and do something more harmful. Or start broadcasting untoward DHCP packets, which can cause all manner of unhappiness (that's a common one when people misconfigure network sharing).

    The IT guys can shut such a device down, but it's still annoying at minimum, harmful at worst. At a small company, with relatively simple network hardware, it can be even harder to deal with.
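
Added example (not part of any post in this thread): post #16 mentions a misconfigured device handing out DHCP on the office network. A defender-side check for that case, assuming a hypothetical key=value DHCP event log and a constructed allowlist of authorized servers:

```python
import re
from collections import defaultdict

# Assumption: the site's authorized DHCP servers (constructed addresses).
AUTHORIZED_SERVERS = {"10.20.0.5", "10.20.0.6"}

# Constructed sample in a made-up key=value format, as a sensor or
# mirror-port capture might summarize DHCP traffic. Not real data.
SAMPLE_LOG = """\
2010-07-22T09:01:12 type=DISCOVER client=00:1b:63:aa:bb:01
2010-07-22T09:01:12 type=OFFER server=10.20.0.5 src_mac=00:50:56:00:00:05 client=00:1b:63:aa:bb:01 yiaddr=10.20.4.31
2010-07-22T09:01:12 type=OFFER server=192.168.1.1 src_mac=00:14:bf:12:34:56 client=00:1b:63:aa:bb:01 yiaddr=192.168.1.100
2010-07-22T09:03:40 type=ACK server=192.168.1.1 src_mac=00:14:BF:12:34:56 client=00:21:70:cc:dd:02 yiaddr=192.168.1.101
2010-07-22T09:04:02 type=ACK server=10.20.0.6 src_mac=00:50:56:00:00:06 client=00:21:70:cc:dd:03 yiaddr=10.20.4.32
malformed line without fields
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Return the fields of a DHCP server reply, or None for anything else."""
    fields = dict(FIELD.findall(line))
    if fields.get("type") not in {"OFFER", "ACK"}:
        return None  # client messages and malformed lines are ignored
    if not {"server", "src_mac", "client"} <= fields.keys():
        return None
    return fields

def find_rogue_dhcp(log_text, authorized=AUTHORIZED_SERVERS):
    """Map each unauthorized server IP to its source MACs, clients and reply count."""
    rogues = defaultdict(lambda: {"src_macs": set(), "clients": set(), "replies": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["server"] in authorized:
            continue
        entry = rogues[rec["server"]]
        entry["src_macs"].add(rec["src_mac"].lower())  # normalize case
        entry["clients"].add(rec["client"].lower())
        entry["replies"] += 1
    return dict(rogues)

if __name__ == "__main__":
    for server, info in find_rogue_dhcp(SAMPLE_LOG).items():
        print(f"unauthorized DHCP server {server} "
              f"src_mac={sorted(info['src_macs'])} "
              f"clients={sorted(info['clients'])} replies={info['replies']}")
```

The source MAC of the unauthorized replies is what lets the switch's address table point to the wall port involved; the client list shows which machines may hold a bad lease.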
     
  17. macrumors member

    Joined:
    Jul 23, 2010
    #17
    Sounds like internet access is determined at the user level, not machine level, which would explain why on your computer using your login you can get to the internet, whereas the 2 computers in the back that are using generic logins only get to the intranet. Why not the internet and just the intranet, you ask? Well, that is simple: the internet is where people do bad things, along with connecting hardware that can violate compliance with legal regulations when they shouldn't, and the intranet is controlled content that everyone in the company should be able to view, so why create additional security to control the internal site that is assumed to be safe from deviants.
     
  18. macrumors 6502

    Joined:
    Feb 7, 2008
    #18
    First thing, your wireless router probably has a port marked "WAN" or "Internet". When connected to a business network most people mistakenly connect that to the business network. Don't do that. All connections, to the wall, and to the computers need to be on the LAN side of the router. Don't plug anything into the WAN port.

    Second, make sure DHCP is turned off on your wireless router.

    Third, Macs don't always play well on PC networks. You might need IT's help to create a machine account on the domain controller or otherwise allow it.

    But, most likely the first suggestion will fix it. I've seen that many times and the symptom is just what you describe, you can see the internal network, but not the internet.

    The obligatory lecture (from an IT manager)
    Many companies will terminate an employee on the spot no questions asked for installing a wireless router. Bringing in the Mac is a slap on the wrist, but the router is a very serious offense at many places. Then again, many places have an IT policy some attorney wrote and don't care what you do.
     
  19. macrumors regular

    Joined:
    Apr 3, 2010
    Location:
    Columbus, OH
    #19
    Is there a particular reason you wish to use your Mac on the network? If it enables you to perform duties more efficiently than the provided computers you should let those responsible know why.

    A general purpose IT department should be responsible for protecting company assets as well as enabling employees to work efficiently. If they are only focusing on half of the equation then they aren't really doing their job. Try and focus on the problem you are having, such as not having appropriate software to perform your job effectively instead of the solution (i.e. using your mac) when communicating with them. It's their job to leverage their knowledge and experience toward a solution.

    Now that all the touchy-feely junk is out of the way, I freaking hate IT departments. My job isn't to worry about security, it's to get things done. Their job is to make our systems secure enough that I can't do anything remotely productive or useful toward getting things done. Am I exaggerating? Probably. Is it hypocritical of me to take a me vs. them stance while accusing them of the exact same thing? Absolutely. Do I care? Nope. :p
     
  20. macrumors 6502a

    Joined:
    Jun 27, 2010
    #20
    Where I work, bringing Macs or any personal laptops can get someone into a lot of trouble.
     
  21. macrumors 601

    Joined:
    Aug 15, 2005
    #21
    Since you cannot enable a DHCP server on the WAN port, why would you want to bypass that? Additionally, by plugging the LAN ports to the wall, your wall port may become disabled if bpduguard is enabled. This won't happen if you use the WAN/Internet port.
     
  22. macrumors 68030

    Les Kern

    Joined:
    Apr 26, 2002
    Location:
    Alabama
    #22
    Nope, but it's MY network, not his.
     
  23. macrumors 601

    satcomer

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #23
    Wow just wow. You know it's people like you that there are these bad rules in place on your work network. This is a HUGE firing offense and you have just signed your own termination notice!

    Stop now before someone sees you!
     
  24. macrumors 68030

    Winni

    Joined:
    Oct 15, 2008
    Location:
    Germany.
    #24

    You, sir, are going to spend a lot of time on monster.com very soon.

    But honestly, you should find yourself another job anyway - a place with such restrictions simply cannot be a fun place to work.

    In any case, you should buy a UMTS/3G USB dongle with contract for your MacBook and be completely independent from any company network. But they still might not like the fact that you bring in your own computer to work. After all, you might be stealing company data or whatever other paranoid BS they might have in mind.

    If you want to come to Germany, we're currently hiring. ;-)
     
  25. macrumors member

    Joined:
    Jul 16, 2007
    Location:
    England
    #25
    Given you mention "old computers" not on the Windows domain, I would suggest they are using an ISA firewall, tied to Windows domain authentication. Either that, or RADIUS authentication via AD to an edge device restricting outbound traffic.

    If so, they'll be logging - probably by default. One day, probably by accident, they'll see unauthorised access attempts...
     
