Workgroup PC on our domain????

April 1, 2011 at 09:33:14
Specs: Windows XP, D/C Pent
We are on a domain and all of our office computers are joined to that domain. Today, a remote employee brought her laptop in, and needed to get on the internet via our network. I plugged the laptop into our LAN and thought that I would need to add it as a domain computer on our server...but I didn't. Just plugging it in allowed her internet access, and when I open the Network folder, all of our domain computers show up as if they were in workgroup mode. What is going on here? Is this right? I double-checked that the laptop in question was not already added to the domain, and it was not.

This laptop runs Vista and all of our domain workstations are XP Pro.


April 1, 2011 at 09:51:38
She might be able to see the domain computers, but could she access them? The ability to reach the Internet has nothing to do with domain or workgroup. Presumably she picked up an IP address, netmask, default router, and DNS server via DHCP.

That all sounds normal to me. If she had been able to access resources on your domain without authenticating then I would say there was something very wrong; but just being able to see that the machines exist is normal.


April 1, 2011 at 10:13:50
"and thought that I would need to add it as a domain computer on our server...but I didn't. Just plugging it in allowed her internet access,"

Just because you have a Domain does not mean it will block anyone from just plugging in to your network and getting access. First, if you want to prevent anyone from just plugging in and getting internet access you can set up a Proxy Server and an internal firewall to block internet access. There are other things you can do as well.

As for your domain computers being visible by other computers on the network, you can either configure your software firewall to block ICMP (not recommended) or do the following.

Also, not recommended.

Once someone has physical access to your network then they have more control. There are techniques for protecting against this but in the end you have to give people inside the NAT access or then there would not be a network. Also, as stated above, just because they can see the servers does not mean they can access them.

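An added example, not part of any post in this thread: since the replies above point out that DHCP hands a lease to any machine that plugs in, domain member or not, one way to notice such machines is to compare DHCP lease events against the list of domain computer accounts. It assumes the DHCP server is a Windows DHCP Server writing its CSV audit log and that the computer names were exported from the domain; the log lines, host names and addresses are constructed sample data.

```python
import csv
from io import StringIO

# Constructed sample in the Windows DHCP Server audit-log layout
# (ID,Date,Time,Description,IP Address,Host Name,MAC Address). Not real data.
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,04/01/11,08:02:11,Assign,192.168.1.21,ACCT-PC01.office.example,0013720A1B2C
11,04/01/11,08:40:03,Renew,192.168.1.22,FRONTDESK.office.example,0013720A1B2D
10,04/01/11,09:30:47,Assign,192.168.1.57,REMOTE-LAPTOP,001E4C5D6E7F
11,04/01/11,09:45:10,Renew,192.168.1.57,REMOTE-LAPTOP,001E4C5D6E7F
"""

# Assumption: computer account names exported from the domain (hypothetical values).
DOMAIN_COMPUTERS = {"ACCT-PC01", "FRONTDESK", "SERVER01"}

LEASE_EVENTS = {"10", "11"}  # 10 = new lease, 11 = lease renewed


def non_domain_leases(log_text, domain_computers):
    """Return {mac: (ip, host)} for leases whose host is not a known domain computer."""
    known = {name.upper() for name in domain_computers}
    flagged = {}
    for row in csv.reader(StringIO(log_text)):
        # Skip the header, blank lines and anything that is not a lease event.
        if len(row) < 7 or row[0].strip() not in LEASE_EVENTS:
            continue
        ip, host, mac = row[4].strip(), row[5].strip(), row[6].strip().upper()
        short = host.split(".")[0].upper()  # short name from an FQDN
        if short not in known:
            # Keyed by MAC so repeated renewals collapse to one entry.
            flagged[mac] = (ip, host or "(no hostname sent)")
    return flagged


if __name__ == "__main__":
    for mac, (ip, host) in non_domain_leases(SAMPLE_LOG, DOMAIN_COMPUTERS).items():
        print(f"non-domain host on LAN: {host} {ip} {mac}")
```

The host name in a lease is supplied by the client, so a match does not prove domain membership; treat a miss as a lead to follow up, not as an access control.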

April 1, 2011 at 10:25:56
@ijack: Okay, now that you mention it. I only browsed to a domain computer and saw the shared printer folder and a public folder on that machine. I just checked it out and I actually cannot access those resources - gives me an Access Denied error, so that's fine. My bad!

@ace-omega: Gotcha! Thanks for the info and links. I just landed this job on Monday, so I'm just trying to figure everything out and get a game plan together. The company has never had an in-house IT person, so I've got my work cut out for me.

To be honest, as long as they can't access the server or workstation shares, I'm good. I need her to be able to get on the internet, and I usually keep any open network ports disabled at the patch panel anyway.

Thanks again guys!
