With the rapid growth of Internet technology and the popularity of networked devices, the number of Internet users is increasing quickly, and network security issues are frequently raised for discussion. This paper proposes using Microsoft Active Directory and Network Policy Server to centrally manage and verify the network card addresses of networked devices such as desktop computers, laptops, smartphones, tablets, and PDAs, and then using a managed switch to control their network access. Implementation of the system demonstrates that network card addresses not listed in the Active Directory directory cannot access the Internet, so the system achieves centralized management and meets the expected defense standards.