An enterprise strictly controls user access to the Internet via the enterprise network, and only allows Marketing employees to access the Internet. The enterprise network administrator finds that some users in other departments can also access the Internet. However, the administrator does not find these users' IP addresses on the access device and egress gateway.
Researches show that some users in the Marketing department use Wi-Fi Sharing Wizard to share the Internet with users in other departments. Users in non-Marketing departments can choose not to install the NAC client, so the administrator cannot control network access through the NAC client. The administrator wants to prevent non-Marketing employees from accessing the Internet via the wireless hotspot created by Marketing employees using Wi-Fi Sharing Wizard.
Tests show that Wi-Fi Sharing Wizard shares the Internet through the Internet Connection Sharing (ICS) service. The administrator can disable ICS to control the use of Wi-Fi Sharing Wizard.
Disable ICS, as shown in the following figure.
Apply the policy template to the Marketing department to disable Wi-Fi Sharing Wizard.
Wi-Fi Sharing Wizard is a type of wireless router. Once Wi-Fi Sharing Wizard is inserted into a computer that can access the Internet, it converts the computer connected to the wired network into a wireless access point, without the need to perform any configurations. Thus, the computer can share Internet connection with other terminals.Users from other departments have not installed the NAC client, so the administrator cannot restrict network access using NAC client policies. Instead, the administrator can control network access only by preventing Marketing employees from using Wi-Fi Sharing Wizard.
Add a policy template that disables the Wi-Fi Sharing Wizard service. Apply this policy template to the Marketing department.