There are already solutions around that can do some of these things. Some of them are homegrown. For example, one organization I’m familiar with uses a DHCP registration system that links MAC addresses to user accounts stored in Active Directory to control which machines have access to the network. But homegrown solutions like this tend to be hard to manage and difficult to maintain, and they can sometimes be circumvented—for example, by using a static IP address configuration that allows access to a subnet scoped by DHCP.

Vendors also have their own solutions to this problem, and Microsoft has one for Windows Server 2003 called Network Access Quarantine Control, but although this solution can enhance the ...