• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 145
  • Last Modified:

Security impact of joining a domain

Hello,

I want to join a Windows 2000 Pro client to a corporate domain (unsure if it is a NT or Win2k domain).

After doing this, will the owners of the domain have any type of priviliged access back into my client machine? More importantly, how can this priviliged access be limited?

Background:
A client machine at Company A needs to vpn and login to a domain at Company B. I need to make sure Company B can't compromise the client in Company A, and use it as a launchpad into Company A's network.

I need to do this very soon.

Thanks,
CubeDweller
0
cubedweller
Asked:
cubedweller
  • 2
1 Solution
 
AvonWyssCommented:
Domain administrators will have full administrator rights on your machine. I think you cannot prevent or limit this. However, you can use ACL's to explicitly disallow file access on critical files. If you remove the binding to the file and printer sharing and don't offer any other method of the admins accessing your computer, you will not be affected by their administration possibilities since they cannot get onto your computer.

Note that for a VPN connection there is no need to join their domain. In fact, the VPN is only a network connection. Please specify a little more precisely.
0
 
frankaCommented:
Use the Usermanager (musrmgr.exe) on the client and
simply remove the global group "domain Admin." from the client's local group "administrators" and do the same with "domain users" and "domain guests" in the local groups.
0
 
cubedwellerAuthor Commented:
franka & AvonWyss,

Both of you gave good, workable answers. Franka's was a little more on target, since I am trying to protect the computer, and not just particular files.

Also, since franka locked the question with a "proposed answer" (please stop doing that) instead of leaving a "comment", it seems I need to award the points to him.

Thanks,
CubeDweller
0
 
frankaCommented:
sorry, I didn't want to lock it, but my answer simply fits 100%.

Avonwyss is unfortunately not right when saying:
"I think you cannot prevent or limit this"

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now