What's the general security practice for such PCs? Do we connect to the
corporate LAN (where other users do sending email, MS Office) & do we
join them to the AD?
Or they ought to have a separate LAN or just simply standalone?
Do they need AV & signature updates (if so, is it via LAN or we manually
update) & is the backup the enterprise corporate backup or simply an
isolated standalone backup (say backup to an encrypted NAS)?