Solved

Security impact of joining a domain

Posted on 2002-03-04
4
128 Views
Last Modified: 2010-04-14
Hello,

I want to join a Windows 2000 Pro client to a corporate domain (unsure if it is a NT or Win2k domain).

After doing this, will the owners of the domain have any type of priviliged access back into my client machine? More importantly, how can this priviliged access be limited?

Background:
A client machine at Company A needs to vpn and login to a domain at Company B. I need to make sure Company B can't compromise the client in Company A, and use it as a launchpad into Company A's network.

I need to do this very soon.

Thanks,
CubeDweller
0
Comment
Question by:cubedweller
  • 2
4 Comments
 
LVL 14

Expert Comment

by:AvonWyss
ID: 6841112
Domain administrators will have full administrator rights on your machine. I think you cannot prevent or limit this. However, you can use ACL's to explicitly disallow file access on critical files. If you remove the binding to the file and printer sharing and don't offer any other method of the admins accessing your computer, you will not be affected by their administration possibilities since they cannot get onto your computer.

Note that for a VPN connection there is no need to join their domain. In fact, the VPN is only a network connection. Please specify a little more precisely.
0
 
LVL 7

Accepted Solution

by:
franka earned 300 total points
ID: 6843037
Use the Usermanager (musrmgr.exe) on the client and
simply remove the global group "domain Admin." from the client's local group "administrators" and do the same with "domain users" and "domain guests" in the local groups.
0
 

Author Comment

by:cubedweller
ID: 6843144
franka & AvonWyss,

Both of you gave good, workable answers. Franka's was a little more on target, since I am trying to protect the computer, and not just particular files.

Also, since franka locked the question with a "proposed answer" (please stop doing that) instead of leaving a "comment", it seems I need to award the points to him.

Thanks,
CubeDweller
0
 
LVL 7

Expert Comment

by:franka
ID: 6843931
sorry, I didn't want to lock it, but my answer simply fits 100%.

Avonwyss is unfortunately not right when saying:
"I think you cannot prevent or limit this"

0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Application Deployment 2 257
How to change folder redirection to a new server 5 739
schedule script execution in windows 2000 3 133
Windows Foriegn Disk 3 136
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Do you use a spreadsheet like Microsoft's Excel?  Have you ever wanted to link out to a non excel file on your computer or network drive?  This is the way I found to do it!
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question