Re: Adding Computers to the Domain (AD)

From: beb (someone_at_someplace.com)
Date: 03/31/05


Date: Thu, 31 Mar 2005 00:09:19 -0500

Depends on the setup. Administering static IP and Mac address in a large
environment could be a nightmare.

"Jimmy Paige" <Jimmy Paige@discussions.microsoft.com> wrote in message
news:7D67C067-CC09-4028-B9B8-018E64FD8412@microsoft.com...
> The solution that would solve all of this: DHCP mac address lockdown!
> Unauthorized clients wont even pull an IP let alone be able to add
> themselves
> to the domain. Which would also solve the problem of a virus getting on
> the
> network. Agree?
>
> "Robert Moir" wrote:
>
>> bonehead wrote:
>>
>> > It certainly shouldn't mean that they should be allowed to just plug
>> > in any virus/worm/trojan infected laptop (or any device at all, for
>> > that matter) into my network unless <em>I</em> am thoroughly
>> > satisfied that that particular device is clean and secure.
>>
>> They shouldn't. Quite correct. Thats why i've made the choice to turn
>> this
>> setting off, myself.
>> However, worms such as, for example, blaster, will travel across a
>> network
>> based on what IP networking you have setup (e.g. they can potentially
>> access
>> any systems they have a route to). Domain membership, or not, for the
>> computer won't stop that.
>>
>> However, Domain Membership for the computer can ensure that group
>> policies
>> are applied to push patches to the machine via SUS, check and
>> update/install
>> AV software, setup security measures like firewalls and lock users out of
>> areas you'd rather they left alone.
>>
>> If your environment can get over the initial hump of users adding
>> computers
>> to the domain by themselves, then there _is_ an arguement to be made that
>> this is more secure than "forcing" them to use the computers outside the
>> domain, but on your network "wire".
>>
>> > Personally, I tend to agree more with Mr. Smith, who wrote:
>> >> How do I find out who added what computer to the domain so I can go
>> >> beat the user with a patch cable for doing so w/o my permission?
>>
>> Better ask *why* they did it, is there an enforcable personnel policy
>> forbidding it, and how they managed to find an empty port to plug it
>> into.
>> Unless you let users change the wiring in your switch cabinets of course,
>> in
>> which case who can add machines to the domain may well be the least of
>> your
>> worries.
>>
>>
>> --
>> --
>> Rob Moir
>> Website - http://www.robertmoir.co.uk
>> Virtual PC 2004 FAQ -
>> http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
>> Kazaa - Software update services for your Viruses and Spyware.
>>
>>
>>



Relevant Pages

  • Re: [opensuse] Suse 10.2 shared printer + Mac OSX
    ... Setup the Mac for ipp printer and select laserjet 2300 and the print ... If I look at the print queue, ... The second one had osx 10.3.9 and was more stubborn. ...
    (SuSE)
  • Re: Linksys WAP54G and Panther
    ... >> don't support Macs. ... >> notebook and configure the AP to only talk to that mac address. ... >> anybody know how to do this with this linksys hardware and the OS ... >>>on my PC I ran the Linksys setup software. ...
    (comp.sys.mac.apps)
  • Re: [opensuse] Suse 10.2 shared printer + Mac OSX
    ... Setup the Mac for ipp printer and select laserjet 2300 and the print ... and catch the username denial, then add it to /etc/cups/printers.conf using ... The second one had osx 10.3.9 and was more stubborn. ...
    (SuSE)
  • Re: [opensuse] Suse 10.2 shared printer + Mac OSX
    ... Setup the Mac for ipp printer and select laserjet 2300 and the print ... and catch the username denial, then add it to /etc/cups/printers.conf using ... The second one had osx 10.3.9 and was more stubborn. ...
    (SuSE)
  • Re: Setting up Linksys router with a Mac?
    ... Hei hei ... > I've just purchased the Linksys WRT54GX router but I've run into ... The problem is the setup web page that I get ... As to Mac IE: the latest version is some 4 years old. ...
    (comp.sys.mac.comm)