A method and apparatus for providing security based on a device identifier prior to booting an operating system on the computing device. Upon power on of a computing device, pre-execution services (PES) are loaded. The PES includes services for retrieving a device identifier from a network interface device and sending the device identifier to a validation server that validates the device identifier based on a database of valid device identifiers. The validation server may perform a lookup of the device identifier in the database and, if the device identifier is present in the database, retrieve rules associated with that device identifier to determine if the device identifier is still valid under current conditions. The rules are applied to data representing current conditions to determine if all requirements for allowing access to the computing system are satisfied. Based on the application of the rules for the device identifier, a determination is made as to whether the device identifier is valid or not. If the device identifier is not valid, a command is sent back to the computing device instructing the computing device to shutdown and not complete the booting sequence. If the device identifier is valid, then a message is sent to the computing device indicating that the boot operation may continue and as a result, the operating system of the computing device is booted.