Any input is appreciated!
We are a small college in Kansas and need a way to force our users in the dormitories to install our McAfee VirusScan software. We won't be able to physically install it, or put them into a domain. Here is our plan so far.
We have created a silent install of VirusScan that runs a batch file after completion. This batch file records the computer's MAC address to a text file on a remote server. This server has a python script that running frequently that can format the text file to our liking.
What we'd like is when the user first plugs in to our network and tries to access a web site, they will get a default page (similar to what most hotels have). This page will welcome them to our network and provide a link to install the University supplied antivirus software. After they approve the installation popups from their browser, they would then have antivirus silently installed in the background. Their computer would then automatically restart (via the batch file after installation).
Now that their MAC address is in the text file on our server, we need to allow them external network access. I've spoke with several people about how to do this, but I'd really like more advice from others.
Right now our network looks like this:4 T1's providing internet access to the "student network" 1 Tasman 1400 router (which is also the CSU for the T1's I think) 1 Cisco PIX 506E Several Cisco 2900 series switches providing the network infrastructure and a Windows 2000 DHCP server (which could also be a IIS web server)
We are prepared to build a new box to act as a proxy, firewall, or router, which ever is needed. I'm not picky as to whether it is Linux or Widnows.
We have a limited budget (almost $0).
If we can somehow get the PIX or tasman to redirect all trafic not comming from MACs on our list to the web server with the download link, then allow all traffic that IS on the MAC list, that would be perfect. We just don't know how to set up a ACL or something that checks an external list.