09-26-2019 11:05 AM
Since Infoblox is able to integrate with AD, is it possible for it to "filter" out a device based on what GPOs have been deployed to it? For instance, if a new device on the network reaches out for a DNS/DHCP request and it has not pulled a certain GPO, could Infoblox detect this and assign the user an IP address on a separate subnet from the rest of the devices on the network that do have the GPO deployed to them? If this idea is not possible through the analysis of GPOs, would there be another way to implement compliance with a particular security baseline in order to get an IP assigned to a device through Infoblox?
Thank you for your time!
09-30-2019 10:52 AM
While NIOS integrates with many facets of AD, there is no built-in GPO awareness. Based on your description, you are looking for an integration between NPS (https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-top), which will allow you to define these policies, and your Infoblox deployment. With NPS and NIOS combined you will be able to quarantine clients that do not have the right GPO and allow them to catch up in the quarantine network.
Another way would be to get your systems to update a custom extensible attribute for the client which provides their GPO "Status".
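As an added example of the second approach (this is illustration code, not from the thread, from Infoblox, or from Microsoft), the PowerShell script below runs on a Windows client, reads the Resultant Set of Policy to check whether a required GPO actually applied, and then stamps the result into an extensible attribute on the client's host record through the NIOS WAPI. The Grid Master name `gm.example.com`, the WAPI version `v2.7`, the EA name `GPO_Status` (which must already be defined on the Grid), the GPO name `Security Baseline`, and the existence of a `record:host` named after the client's FQDN are all assumptions for the example.

```powershell
# Added example (not from the original thread): report a client's GPO compliance
# to Infoblox NIOS by setting an extensible attribute (EA) on its host record.
# Assumed/hypothetical values: Grid Master gm.example.com, WAPI v2.7, an EA named
# GPO_Status already defined on the Grid, a required GPO named "Security Baseline",
# and a record:host whose name matches this client's FQDN.
# Reading computer-scope RSoP with gpresult requires an elevated session.
param(
    [string]$GridMaster  = 'gm.example.com',
    [string]$WapiVersion = 'v2.7',
    [string]$EaName      = 'GPO_Status',
    [string]$RequiredGpo = 'Security Baseline',
    [pscredential]$Credential = (Get-Credential -Message 'NIOS WAPI account')
)

# 1. Ask the local RSoP engine which GPOs were applied at computer scope.
#    gpresult /x writes an XML report; applied GPOs are listed under
#    Rsop/ComputerResults/GPO. Denied or disabled links also appear there,
#    so filter on the Enabled/IsValid/FilterAllowed/AccessDenied flags.
$rsopPath = Join-Path $env:TEMP 'rsop-report.xml'
gpresult /scope computer /x $rsopPath /f | Out-Null
[xml]$rsop = Get-Content -Path $rsopPath -Raw
Remove-Item -Path $rsopPath -ErrorAction SilentlyContinue

$applied = @($rsop.Rsop.ComputerResults.GPO |
    Where-Object {
        $_.Enabled -eq 'true' -and $_.IsValid -eq 'true' -and
        $_.FilterAllowed -eq 'true' -and $_.AccessDenied -eq 'false'
    } |
    Select-Object -ExpandProperty Name)

$status = if ($applied -contains $RequiredGpo) { 'Compliant' } else { 'NonCompliant' }
Write-Host "GPO '$RequiredGpo' status on $env:COMPUTERNAME: $status"

# 2. Find this client's host record in NIOS. The WAPI returns a JSON array of
#    objects, each carrying a _ref that identifies it for later updates.
$fqdn  = ([System.Net.Dns]::GetHostEntry($env:COMPUTERNAME)).HostName.ToLower()
$base  = "https://$GridMaster/wapi/$WapiVersion"
$hosts = @(Invoke-RestMethod -Method Get -Credential $Credential `
    -Uri "$base/record:host?name=$fqdn&_return_fields=extattrs")
if ($hosts.Count -eq 0) { throw "No record:host found in NIOS for $fqdn" }
$record = $hosts[0]

# 3. A PUT that sends "extattrs" replaces the object's whole EA set, so merge
#    the existing EAs with the new value instead of sending only GPO_Status.
$extattrs = @{}
if ($record.extattrs) {
    foreach ($p in $record.extattrs.PSObject.Properties) {
        $extattrs[$p.Name] = @{ value = $p.Value.value }
    }
}
$extattrs[$EaName] = @{ value = $status }

$body = @{ extattrs = $extattrs } | ConvertTo-Json -Depth 5
Invoke-RestMethod -Method Put -Credential $Credential -ContentType 'application/json' `
    -Uri "$base/$($record._ref)" -Body $body | Out-Null
Write-Host "Updated $EaName=$status on $($record._ref)"
```

Once the EA is populated, the NIOS side can key off it (for example, reporting or filtering on `GPO_Status=NonCompliant`). Two design points worth keeping in mind: the Grid Master's TLS certificate must be trusted by the client for `Invoke-RestMethod` to connect, and a WAPI account whose credentials sit on every endpoint should be restricted to updating that one attribute; in practice it is safer to have a management server collect the RSoP results and perform the WAPI writes centrally rather than distributing API credentials to clients.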