Solved

Security impact of joining a domain

Posted on 2002-03-04
Last Modified: 2010-04-14
Hello,

I want to join a Windows 2000 Pro client to a corporate domain (unsure if it is an NT or Win2k domain).

After doing this, will the owners of the domain have any type of privileged access back into my client machine? More importantly, how can this privileged access be limited?

Background:
A client machine at Company A needs to VPN and log in to a domain at Company B. I need to make sure Company B can't compromise the client in Company A, and use it as a launchpad into Company A's network.

I need to do this very soon.

Thanks,
CubeDweller
0
Question by:cubedweller
4 Comments
 
LVL 14

Expert Comment

by:AvonWyss
ID: 6841112
Domain administrators will have full administrator rights on your machine. I think you cannot prevent or limit this. However, you can use ACLs to explicitly disallow file access on critical files. If you remove the binding to the file and printer sharing and don't offer any other method of the admins accessing your computer, you will not be affected by their administration possibilities since they cannot get onto your computer.

Note that for a VPN connection there is no need to join their domain. In fact, the VPN is only a network connection. Please specify a little more precisely.
0
 
LVL 7

Accepted Solution

by:
franka earned 300 total points
ID: 6843037
Use the Usermanager (musrmgr.exe) on the client and simply remove the global group "domain Admin." from the client's local group "administrators" and do the same with "domain users" and "domain guests" in the local groups.
0
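A command-line check for the local group memberships discussed in the answer above, as an added example that is not part of the original thread: it parses `net localgroup <group>` output, picks out members qualified with a domain name, and builds the matching `net localgroup ... /delete` commands for review. The domain name CORPB, the account names and the sample output are constructed.

```python
# Constructed `net localgroup <group>` output from a workstation joined to a
# hypothetical domain CORPB; every account name below is made up.
SAMPLE_ADMINS = r"""Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CORPB\Domain Admins
localtech
The command completed successfully.
"""
SAMPLE_USERS = r"""Alias name     Users
Comment        Users are prevented from making accidental or intentional system-wide changes

Members

-------------------------------------------------------------------------------
NT AUTHORITY\Authenticated Users
CORPB\Domain Users
The command completed successfully.
"""
# Built-in local authorities: backslash-qualified, but not domain principals.
LOCAL_AUTHORITIES = ("NT AUTHORITY", "BUILTIN")

def parse_members(net_output):
    """Return the names listed between the dashed rule and the status line."""
    members, in_list = [], False
    for line in net_output.splitlines():
        line = line.strip()
        if line.startswith("-----"):
            in_list = True
        elif in_list and line and not line.startswith("The command completed"):
            members.append(line)
    return members

def domain_members(net_output):
    """Members written as DOMAIN\\name, excluding built-in authorities."""
    return [m for m in parse_members(net_output)
            if "\\" in m and m.split("\\")[0].upper() not in LOCAL_AUTHORITIES]

def removal_commands(group, net_output):
    """Build one `net localgroup` removal command per domain member."""
    return ['net localgroup "%s" "%s" /delete' % (group, m)
            for m in domain_members(net_output)]

if __name__ == "__main__":
    for group, output in (("Administrators", SAMPLE_ADMINS), ("Users", SAMPLE_USERS)):
        print("\n".join(removal_commands(group, output)))
```

Re-running the check after a reboot or a later policy refresh shows whether any domain group has reappeared in a local group.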
 

Author Comment

by:cubedweller
ID: 6843144
franka & AvonWyss,

Both of you gave good, workable answers. Franka's was a little more on target, since I am trying to protect the computer, and not just particular files.

Also, since franka locked the question with a "proposed answer" (please stop doing that) instead of leaving a "comment", it seems I need to award the points to him.

Thanks,
CubeDweller
0
 
LVL 7

Expert Comment

by:franka
ID: 6843931
Sorry, I didn't want to lock it, but my answer simply fits 100%.

AvonWyss is unfortunately not right when saying:
"I think you cannot prevent or limit this"

0
