Re: XP security

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 05/29/03 

Date: Thu, 29 May 2003 12:25:22 -0700

"David Wenham" <dwneham@marbroker.som> wrote in message
news:4eb101c32602$0db34b70$a001280a@phx.gbl...
> My boss has new laptop, and needs access to NT domain
> resources mostly a mapped network drive, but his is
> security paranoid and wants no one to access his computer,
> either remotely or infront of it.
>
> I have 2 means of resolving this problem.
>
You missed one (at least)

> 1. Attached the computer to the domain. The doman
> administrator can access his computer and therefore access
> all his information. Any solutions here ?
>
remove Domain users from Users, and also remove
from Users Authenticated Users and INTERACTIVE
and then add his domain account to Users
remove Domain Admins from Administrators and have
his issue a memo that any Domain Admin that changes
that is out the door.

> 2. Attached to the the workgroup of same name of the
> domain and map the drive. This work fine until he steps
> outside the office connects to a ISP. When connects to
> outside network ie at home dials into the internet, when
> he reconnects to the netwrok the next day he loses the
> workgroup connection and cannot see the the rest of the
> network, and therefore loses the network drive. Any
> solutions here ?
>
Get a different ISP that does not dictate what must be
the workgroup name ! They have no business doing that.
or
Use a login script with some intelligence to reestablish
his environment, or get an app like NetSwitcher

> Thanks
>
> David
>

Relevant Pages

  • Re: Domain Admin .vs Adminstrator Account
    ... THE Administrator account is the initial or default ... > However, the domain admins group is automatically added to the local> administrators group on all domain members, which means that> the domain admins account has full administrative control over all domain> member machines. ... The administrator account on the other hand, isn't as> powerful in this way (just being an administrator of the domain doesn't mean> you can install software on domain members); the administrator account is> much more powerful, as Cary already stated, from a domain administrative> stand point. ...
    (microsoft.public.win2000.active_directory)
  • Re: Roaming Profile problem
    ... Unless you're playing with Restricted groups policy or any other scripts, generally Domain Admins are members of local Administrators in all machines in the domain check that. ... I did log on as the domain administrator not the local admin. ... You're logged on with the account that refer to the profile to be copied. ... Logged on as test student ...
    (microsoft.public.windows.server.active_directory)
  • Re: Possible answer to domain problems
    ... that the DCPROMO process may change the policy so that only domain admins ... local administrator when running DCPROMO, so that if the Domain Admins group ... > install Office XP on it, so I started from scratch again. ...
    (microsoft.public.win2000.security)
  • Re: full sharing between domain admins
    ... mentions a determined domain administrator ultimately has ways to gain ... themselves back in local administrators group for instance. ... > to the adminsitrative share of other domain admins, ... > by adding the other domain admin accounts to the "deny ...
    (microsoft.public.win2000.security)
  • Best Practices pointer please
    ... Read a "Best Practices" article at Microsoft this week. ... The suggestion was to log in as a limited user and us ... "runas" to perform administrator tasks. ... to my ISP. ...
    (microsoft.public.windowsxp.security_admin)