Re: Browsing domain from non-domain PC

From: Jordan (nojunk_allowed_at_nospam.com)
Date: 09/02/05

• Next message: Alex Sutton [MSFT]: "Re: Event Log Size"
• Previous message: Joe Richards [MVP]: "Re: Directory Service Access Security Failure 565 with Object=GUID"
• In reply to: Roger Abell [MVP]: "Re: Browsing domain from non-domain PC"
• Next in thread: Roger Abell [MVP]: "Re: Browsing domain from non-domain PC"
• Reply: Roger Abell [MVP]: "Re: Browsing domain from non-domain PC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 1 Sep 2005 20:36:56 -0400

Thanks,

If that problem was not bad enough you would not believe what happened
today. I had to do an Antivirus upgrade the other night and since his
program is a complete PIG with system resources he thinks we should exclude
all the stations that are going to use his program from AV protection yet
still allow him full Internet access to download things because he "will be
really careful and knows what [he] is doing."

Don't I have the legal right to shoot him for being that stupid or isn't at
least my obligation?

"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:ulwv2PjrFHA.260@TK2MSFTNGP11.phx.gbl...
> You could, as you indicate, make the machine a stand-alone, outside of
> the domain(s), and provide machine local accounts to those that need to
> use this test machine. If those users are not administrators on that
> machine
> then you could define an IPsec policy so that the machine is not able to
> communicate with any other machines except those that you specifically
> allow, like the one server where the test data goes.
>
> The best approach however is to build a list of point items that details
> the few options this software is allowing for implementation, and the
> risks to the enterprise each of these presents. Then, use this to drive
> a higher-level directive to the developers to get off their dufas and
> learn how to do it correctly.
> --
> Roger
>
> "Jordan" <nojunk_allowed@nospam.com> wrote in message
> news:O90W5%23LrFHA.3788@TK2MSFTNGP12.phx.gbl...
>>I have a computer on the domain that needs to run tests 24x7. The
>>programmer of the software cannot seem to manage to get his testing
>>software to run with the console locked without crashing. I have even
>>gotten one of those programs that disables the keyboard and mouse and the
>>program still crashes. I have no idea what they are doing to cause the
>>problem but they are totally unable to fix the problem so, of course, now
>>I am stuck to find a way to allow this computer to run 24x7 with the
>>console open yet still maintain network security.
>>
>> The computer is just running test data so there is no information on the
>> local computer that is of any concern. It would be great if I could just
>> leave this off the network unplugged but the programmer is always
>> updating the software and needs to copy the new versions down and maybe
>> copy a gigs worth of data up to a server for analyzing every now and
>> then.
>>
>> I was thinking about just removing it from the domain and giving all the
>> users that need to run the tests local accounts, but the problem is the
>> users can still browse the domain via Network Neighborhood and just map
>> drives and see things by just supplying their user names and passwords
>> when they are prompted. I know all of them are going to choose to save
>> the username and passwords which makes taking the computer off the domain
>> equally useless.
>>
>> What can I do to allow this computer to run the tests yet prevent access
>> to domain resources even if the users has a domain password.
>>
>
>

---

• Next message: Alex Sutton [MSFT]: "Re: Event Log Size"
• Previous message: Joe Richards [MVP]: "Re: Directory Service Access Security Failure 565 with Object=GUID"
• In reply to: Roger Abell [MVP]: "Re: Browsing domain from non-domain PC"
• Next in thread: Roger Abell [MVP]: "Re: Browsing domain from non-domain PC"
• Reply: Roger Abell [MVP]: "Re: Browsing domain from non-domain PC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Browsing domain from non-domain PC ... >open yet still maintain network security. ... > leave this off the network unplugged but the programmer is always updating ... > users that need to run the tests local accounts, ... > the username and passwords which makes taking the computer off the domain ... (microsoft.public.win2000.security) Re: Mobile Users and Domain Password Management ... >>However with out the requirement to change passwords, ... If you require users to change both a network and local ... > So get rid of the passwords - use likes of smart card instead. ... Is smartcard logon possible for local accounts under Windows XP Prof.? ... (microsoft.public.windows.server.security) Re: [fw-wiz] Stanford break in ... Are network synchronized passwords a bad idea, ... > physical and logical security of accounts (ie: ... > Authenticate with the server, but only allow access to one workstation. ... (Firewall-Wizards) RE: should i bother?? ... > (network address translation from a public IP to a private network is always advised here) ... certain outgoing ports on the firewall at work. ... I run root kit hunter as a daily cron job. ... > Strong passwords of random letters, with at least two numbers and two special characters for all accounts, definately root. ... (Fedora) Re: FW: Hydra or network logon cracker for Windows? ... Couldn't you just Nmap your whole Network and dump the IP's of the Windows ... passwords such as the company name and so forth. ... > Original> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... (Security-Basics)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)