Re: Adding Computers to the Domain (AD)
From: beb (someone_at_someplace.com)
Date: Thu, 31 Mar 2005 00:09:19 -0500
Depends on the setup. Administering static IP and MAC addresses in a large
environment could be a nightmare.
"Jimmy Paige" <Jimmy Paige@discussions.microsoft.com> wrote in message
> The solution that would solve all of this: DHCP mac address lockdown!
> Unauthorized clients won't even pull an IP let alone be able to add
> to the domain. Which would also solve the problem of a virus getting on
> network. Agree?
> "Robert Moir" wrote:
>> bonehead wrote:
>> > It certainly shouldn't mean that they should be allowed to just plug
>> > in any virus/worm/trojan infected laptop (or any device at all, for
>> > that matter) into my network unless _I_ am thoroughly
>> > satisfied that that particular device is clean and secure.
>> They shouldn't. Quite correct. That's why I've made the choice to turn
>> setting off, myself.
>> However, worms such as, for example, blaster, will travel across a
>> based on what IP networking you have setup (e.g. they can potentially
>> any systems they have a route to). Domain membership, or not, for the
>> computer won't stop that.
>> However, Domain Membership for the computer can ensure that group
>> are applied to push patches to the machine via SUS, check and
>> AV software, setup security measures like firewalls and lock users out of
>> areas you'd rather they left alone.
>> If your environment can get over the initial hump of users adding
>> to the domain by themselves, then there _is_ an argument to be made that
>> this is more secure than "forcing" them to use the computers outside the
>> domain, but on your network "wire".
>> > Personally, I tend to agree more with Mr. Smith, who wrote:
>> >> How do I find out who added what computer to the domain so I can go
>> >> beat the user with a patch cable for doing so w/o my permission?
>> Better ask *why* they did it, is there an enforceable personnel policy
>> forbidding it, and how they managed to find an empty port to plug it
>> Unless you let users change the wiring in your switch cabinets of course,
>> which case who can add machines to the domain may well be the least of
>> Rob Moir
>> Website - http://www.robertmoir.co.uk
>> Virtual PC 2004 FAQ -
>> Kazaa - Software update services for your Viruses and Spyware.