Clear all

How to enable devices to “see” one another on secure network at work  



Hi, Geeks.

I work in an environment of locked-down Windows machines. I am allowed to bring my Mac and iOS devices and log in to the network (with internet access) via Ethernet (Mac) or via a WEP2-Enterprise WiFi (Mac or iOS). If I do this, each individual device is prevented from seeing any other device on the network.

What I want to do is figure out a way to enable my devices to see and communicate with each other while I am at work. Here are my crazy ideas for how to do this.

  1. IDEA: Connect a router directly to the network via Ethernet and create my own private subnetwork. COMMENT: I know this can be done. I've done it before, resulting in me getting a polite admonition from our director of IT security. The specific no-no, as I understood it, was connecting a routing device directly to the network. I flew under the radar for over a year, and then they identified an unknown MAC address on the network, which they were able to identify as a router.
  2. IDEA: Connect Mac to network via Ethernet and then share the network connection via the Mac's internal WiFi. (Is this possible? Can the Mac function as a router?)
  3. IDEA: Connect the Mac to network via WiFi, and then share the network connection via an access point or router connected to the Mac by Ethernet. (Is this possible?)
  4. IDEA: When at work, configure all my devices connect to my home via VPN using a Synology router or NAS, and configure my devices to see one other on my home network. (This sounds like a scene from the B-Movie “Inception for Geeks.” I have no idea if this is possible.)
  5. IDEA: Ask our IT director to configure the network to allow each of my devices (identified by MAC address) to see and communicate with each other when connected to the Enterprise WiFi.

Please give me your ideas and suggestions.

Thanks, gals and guys.


This topic was modified 1 year ago by llmmd
3 Answers


1) I have a vague memory that when a Mac "shares" a network connection it does so in a way that causes the connected devices to still be isolated.

2) Go back a step and review why you think you need your devices to talk directly to one another - rather than synchronise data via internet services.

3) Once you have put together the reasoning from number 2 above, decide in your head if this is compatible with corporate security and, if so, take that reasoning to the IT team to ask for device exemptions.

4) Not sure about your work situation, but where I used to work the procedure was instant dismissal for any deliberate attempt to subvert corporate security policy!!

Thanks for your thoughtful reply. One of the reasons I want to do this is so that I can use my iPad Pro outside my (nearby) office and VNC back to my Mac. 


A variation on 5.  Ask the IT dudes why are the systems isolated and can that be changed.


2) Yes, the Mac can be a router via Internet Sharing.  Whether the IT dudes would detect it as a router vs just a Mac that they already know about, I don't know.


NOTE: have your own WiFi access point can often be an issue inside a company.  Having ethernet lines is far more secure than an uncontrolled WiFi access point.  And a WiFi scanner running within 2-300 feet of your Mac acting as a WiFi access point would be detectable.  You can configure an iPhone or a Mac to be a WiFi scanner, so it is not difficult.  I'm sure there is something you could do for Windows as well and just walk around the office checking for rogue WiFi access points.


3 is similar to 2.  Same warning about running your own WiFi access point.  But you don't need a router, as your Mac would be the router, you would just need an Ethernet switch for other ethernet devices to be part of the Mac's subnet.


Question?  Can you access another system is you know their IP address?  Or does the company network only allow you to access specific servers and the internet via a corporate firewall and proxy servers?


 Thanks for your thoughtful response. 


 In answer to your question, The IT department configured our Windows machines to print on network printers, so obviously there is connectivity.



I understand what you are trying to do. The thing is that it is not your LAN/Network and as @kiwigraham correctly stated, you need to get in touch with your IT department to get them to assist you in making this happen as they will eventually find out what you are doing and you will have some serious explaining to do that could lead to termination in the most extreme cases. Corporate IT department policies are put there for good reason as the IT department needs to guard the assets of the company as they are tasked with making sure that everything works together and that no data leaks out from the company.

Assuming what you are doing is something that they approve of then they will be able to assist you in making this happen and also be able to support you when you have a  problem. This is key as any sort of hack you may come up with will most likely break when they reconfigure or upgrade the LAN/network and you do not want to have to waste a bunch of time and money trying to get your hack back up and running.

Also, yes, I am sure that there is connectivity to do what you are trying to do but it really is up to the IT department to work these issues out. You are a guest on their network and you need to respect their ownership of the resource you are using.

The analogy would be if a friend let you their car and then you let it out to someone else you knew but they did not and the car had an accident. The owner of the car would be upset as they did not know that their car was going to be used by someone they did not trust or authorize.