At a firewall level, no. Any process that will get you OS info would also allow you to get the IP.
Edit: Unless you’re doing it before a DHCP lease assignment, but I’m pretty sure you can’t use the MAC to gain any system info without software being installed on the computer.
But if the purpose is to block windows from ever communicating on the network, what you could do is assign an IP for a subnet that can’t talk out, get the OS, then assign a new IP on your main network for non-windows devices.
I’m not sure. Maybe. It would depend if all clients connected automatically use the default profile or if they have to be added to the clients list (in which case you would need IP). I haven’t looked into that actually.
Could you block any outgoing from any windows machine without knowing it’s IP? That could be fun.
At a firewall level, no. Any process that will get you OS info would also allow you to get the IP.
Edit: Unless you’re doing it before a DHCP lease assignment, but I’m pretty sure you can’t use the MAC to gain any system info without software being installed on the computer.
But if the purpose is to block windows from ever communicating on the network, what you could do is assign an IP for a subnet that can’t talk out, get the OS, then assign a new IP on your main network for non-windows devices.
I’m not sure. Maybe. It would depend if all clients connected automatically use the default profile or if they have to be added to the clients list (in which case you would need IP). I haven’t looked into that actually.