jkorz
asked on
Block Active Directory Interference
Hello Experts,
This is going to sound super paranoid, but put yourself in my shoes before you judge...
Here's my dilemma. I work for a school (school A) that sells some of my time to another school (school B). School B uses active directory and school A does not. School B requires that I use outlook for email, which in turn requires me to be on their domain. Since I am a competent tech administrator, I want to avoid active directory interfering with anything on my computer: i.e. I don't want them to push updates down to me, don't want them to have access to my files / registry / etc... loss of control = sad tech guy
I have removed Domain Admins from my local administrator group and anything else domainish from other groups so I think that should take care of most of it, but what I need to know is can they still do anything just because I am a member of the domain?
If so, what ports / services do I need to block to ensure that I don't have to worry about any funny business like my computer restarting in the middle of an unsaved page of code because they are sending down updates?
Also, how do I remove any group policies that they have pushed down and prevent this from happening in the future.
Thanks in advance,
-jkorz
This is going to sound super paranoid, but put yourself in my shoes before you judge...
Here's my dilemma. I work for a school (school A) that sells some of my time to another school (school B). School B uses active directory and school A does not. School B requires that I use outlook for email, which in turn requires me to be on their domain. Since I am a competent tech administrator, I want to avoid active directory interfering with anything on my computer: i.e. I don't want them to push updates down to me, don't want them to have access to my files / registry / etc... loss of control = sad tech guy
I have removed Domain Admins from my local administrator group and anything else domainish from other groups so I think that should take care of most of it, but what I need to know is can they still do anything just because I am a member of the domain?
If so, what ports / services do I need to block to ensure that I don't have to worry about any funny business like my computer restarting in the middle of an unsaved page of code because they are sending down updates?
Also, how do I remove any group policies that they have pushed down and prevent this from happening in the future.
Thanks in advance,
-jkorz
ASKER
I could use OWA, but I would rather use the client.
It's not that I don't trust them per-se, they have a contracted network admin who doesn't spend much time here and relies heavily on the centralized management that AD provides for updates, security, etc... (things that normal users don't worry about, but I take care of). I want to do what I can (as opposed to relying on others) to avoid any more complications.
It's not that I don't trust them per-se, they have a contracted network admin who doesn't spend much time here and relies heavily on the centralized management that AD provides for updates, security, etc... (things that normal users don't worry about, but I take care of). I want to do what I can (as opposed to relying on others) to avoid any more complications.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
> School B requires that I use outlook for email,
Can't they use OWA? So you wont have to login into their domain.
But in my opinion, If you dont trust them you should not work for them.
I hope somebody has any tips for you.
Cheers!
regards,
Trenes