Mixed network environments: Domains and Worgroups
Posted on 2007-10-13
Here is my situation.
We have one Server running Windows 2003 Standard, Exchange 2003, DHCP, SAV 9.0 and the back up software.
We have 72 computers with only basic user privileges assigned so the staff can't mess things up. 10 of those 72 computers are in a training room and will need to be managed by non-IT staff who need full administrative privileges on them in order to add or remove programs and do whatever they like to them. They also need to be able to access the internet.
To keep the network safe, my idea was to do the following for those 10 computers
1. sign up for a separate broadband service (cable, DSL or FIOS)
2. install a simple DHCP router and connect them to it (Linksys, Netgear, etc.)
3. change the computers over to a local workgroup from the domain
4. reconfigure the Symantec Antivirus programs to get updates from the Symantec online server instead of our internal server
5. create a local administrator account on each computer for the non-IT staff so they can do what they please on those computers
My question... Is it possible to bypass step 1 (keep the 10 computers tapped into the network's DHCP structure so they can get online) without exposing our network to security risks such as worms and what not? In all likelihood, some if not all of the 10 computers will eventually get infected or become compromised as the non-IT staff do not have much knowledge in managing security and the computers will be used by the public.
Any feedback would be appreciated.