Re: Adding Computers to the Domain (AD)
From: beb (someone_at_someplace.com)
Date: 03/31/05
- Next message: Jupiter Jones [MVP]: "Re: Windows Server 2003 Server Service Pack 1 available"
- Previous message: jfn: "RE: Windows Server 2003 Server Service Pack 1 available"
- In reply to: Jimmy Paige: "Re: Adding Computers to the Domain (AD)"
- Next in thread: Luc L: "Re: Adding Computers to the Domain (AD)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 31 Mar 2005 00:09:19 -0500
Depends on the setup. Administering static IP and Mac address in a large
environment could be a nightmare.
"Jimmy Paige" <Jimmy Paige@discussions.microsoft.com> wrote in message
news:7D67C067-CC09-4028-B9B8-018E64FD8412@microsoft.com...
> The solution that would solve all of this: DHCP mac address lockdown!
> Unauthorized clients wont even pull an IP let alone be able to add
> themselves
> to the domain. Which would also solve the problem of a virus getting on
> the
> network. Agree?
>
> "Robert Moir" wrote:
>
>> bonehead wrote:
>>
>> > It certainly shouldn't mean that they should be allowed to just plug
>> > in any virus/worm/trojan infected laptop (or any device at all, for
>> > that matter) into my network unless <em>I</em> am thoroughly
>> > satisfied that that particular device is clean and secure.
>>
>> They shouldn't. Quite correct. Thats why i've made the choice to turn
>> this
>> setting off, myself.
>> However, worms such as, for example, blaster, will travel across a
>> network
>> based on what IP networking you have setup (e.g. they can potentially
>> access
>> any systems they have a route to). Domain membership, or not, for the
>> computer won't stop that.
>>
>> However, Domain Membership for the computer can ensure that group
>> policies
>> are applied to push patches to the machine via SUS, check and
>> update/install
>> AV software, setup security measures like firewalls and lock users out of
>> areas you'd rather they left alone.
>>
>> If your environment can get over the initial hump of users adding
>> computers
>> to the domain by themselves, then there _is_ an arguement to be made that
>> this is more secure than "forcing" them to use the computers outside the
>> domain, but on your network "wire".
>>
>> > Personally, I tend to agree more with Mr. Smith, who wrote:
>> >> How do I find out who added what computer to the domain so I can go
>> >> beat the user with a patch cable for doing so w/o my permission?
>>
>> Better ask *why* they did it, is there an enforcable personnel policy
>> forbidding it, and how they managed to find an empty port to plug it
>> into.
>> Unless you let users change the wiring in your switch cabinets of course,
>> in
>> which case who can add machines to the domain may well be the least of
>> your
>> worries.
>>
>>
>> --
>> --
>> Rob Moir
>> Website - http://www.robertmoir.co.uk
>> Virtual PC 2004 FAQ -
>> http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
>> Kazaa - Software update services for your Viruses and Spyware.
>>
>>
>>
- Next message: Jupiter Jones [MVP]: "Re: Windows Server 2003 Server Service Pack 1 available"
- Previous message: jfn: "RE: Windows Server 2003 Server Service Pack 1 available"
- In reply to: Jimmy Paige: "Re: Adding Computers to the Domain (AD)"
- Next in thread: Luc L: "Re: Adding Computers to the Domain (AD)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
