Solved

Security impact of joining a domain

Posted on 2002-03-04
4
132 Views
Last Modified: 2010-04-14
Hello,

I want to join a Windows 2000 Pro client to a corporate domain (unsure if it is a NT or Win2k domain).

After doing this, will the owners of the domain have any type of priviliged access back into my client machine? More importantly, how can this priviliged access be limited?

Background:
A client machine at Company A needs to vpn and login to a domain at Company B. I need to make sure Company B can't compromise the client in Company A, and use it as a launchpad into Company A's network.

I need to do this very soon.

Thanks,
CubeDweller
0
Comment
Question by:cubedweller
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 14

Expert Comment

by:AvonWyss
ID: 6841112
Domain administrators will have full administrator rights on your machine. I think you cannot prevent or limit this. However, you can use ACL's to explicitly disallow file access on critical files. If you remove the binding to the file and printer sharing and don't offer any other method of the admins accessing your computer, you will not be affected by their administration possibilities since they cannot get onto your computer.

Note that for a VPN connection there is no need to join their domain. In fact, the VPN is only a network connection. Please specify a little more precisely.
0
 
LVL 7

Accepted Solution

by:
franka earned 300 total points
ID: 6843037
Use the Usermanager (musrmgr.exe) on the client and
simply remove the global group "domain Admin." from the client's local group "administrators" and do the same with "domain users" and "domain guests" in the local groups.
0
 

Author Comment

by:cubedweller
ID: 6843144
franka & AvonWyss,

Both of you gave good, workable answers. Franka's was a little more on target, since I am trying to protect the computer, and not just particular files.

Also, since franka locked the question with a "proposed answer" (please stop doing that) instead of leaving a "comment", it seems I need to award the points to him.

Thanks,
CubeDweller
0
 
LVL 7

Expert Comment

by:franka
ID: 6843931
sorry, I didn't want to lock it, but my answer simply fits 100%.

Avonwyss is unfortunately not right when saying:
"I think you cannot prevent or limit this"

0

Featured Post

Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
How many times a day do you open, acknowledge, or close an IT incident? What’s your process? Do you have a process depending on the incident, systems involved, and other factors? New Relic Alerts gives you options for how you interact with notifica…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question