Is it possible to disable prarallel network connections on workstation, when workstation is connected to corporate LAN?
I want to avoid users bypassing Internet access policies by concurently connect to LAN and 3G/Hotspot.
We have many developers and they have local administrator rights on workstations. Developers should be able to connect virutual networks (VMware/VirutalPC/Hyper-V/VirutalBox). Other users should be able to use only one network connection concurently.
domain and server isolation would help with this( but not eliminate the problem). Additionally don't give them admin rights over their workstations. Only give them admin rights to development vms on their machines. You can also use applocker or bit-9 to futher restrict what applications can be used or installed.
If you have no control over the remote device, then no, you cannot make it do anything. Unless they're dumb enough to bridge their second connection to your network, you're not going to see any kind of information that might indicate what's going as they are likely to NAT the connection anyway if they were to abuse it in such a way.
So... create a POLICY... and if find that they violate it you walk them out the door.
You could take other approaches... 802.1X, etc, but that still doesn't give controlling authority of the remote device that you're trusting onto your network.