Network domain security questions

greggpb

I am getting a new laptop.. I want to set it up to use multiple domains as I use it on site at multiple clients.....

My previous laptop was added to the domain by one of my clients' IT guys and basically they gave themselves admin on my laptop.. I didn't really mind because it was just a work PC... But my next laptop is gonna be personal/work...

How would I allow them to add my PC to their network without allowing them to have admin rights on my PC? What setup would you recommend...

Will probably have to run XP2
 
Don't connect to their domain. Just set up your notebook as a workgroup station instead of making it connect to domains.
 
That's the problem, unless there's a trust relationship between the domains you need access to you can't log onto multiple domains.
 
I only need to access one domain at a time....

I need to be able to access servers and printers on that domain and log onto that domain with my domain account...

Not 100% sure how this works, maybe Vista with upgraded security would help...?
 
Problem is the domain policies override your local security policies as you "trust" the domain when logging into that domain. Especially if the company uses Active Directory.
 
Usually if you don't belong to a domain, but want to access resources on it, you will be prompted for a username/password when connecting to shares, etc.
 
Bummer, so it's looking like a hard problem to solve...

At the moment I have an encrypted data partition.. but the minute I am on the domain and it's mounted through my profile then the network admin could access it..
 
What about running some sort of VM that connected to the LAN then using that as a proxy to connect to the domain?
 
Yeah, that's it.

All you need is user accounts on each domain and keep your laptop off the domain completely. You get a DHCP address and use the local DNS server to resolve server names and addresses.
 
Sorry gonna sound like a retard.. but what's it?
 
Unless the DHCP is configured not to allow non-authenticated domain users to get an IP :/
 
How's that work then? From what you've written, I envisage this:

Client to DHCP : Hi, can I have an IP please?
DHCP to Client : Have you authenticated on AD?
Client to DHCP : I can't do that without an IP.
{embarrassed silence}
 
Sorry, perhaps I wasn't too clear: You can create a DHCP server inside an Active Directory Scope, and only permit specifically authenticated clients (against AD) to get specific IP addresses. The authentication happens seamlessly.
 
Ah, thanks. That makes more sense ;)
 
Yes you must get username and password of an account that was created in AD on each domain. You could then create separate batch files that authenticate you on each (net use \\server\share ...) domain because every time you restart your PC you will have to auth yourself again.

On the DHCP, depending on the strictness of the 2k/2k3 DHCP server, the server should give you an IP address once you connect to their LAN even if you're not authenticated.

Regards
d
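
An added example (not part of the original post) of the batch-file approach described above, for a laptop that stays in a workgroup and authenticates to one client domain at a time. The client labels, domain, server, share and account names are placeholders; the password is prompted for rather than stored in the file.

```bat
@echo off
rem Added example: map one client's share from a workgroup (non-domain) laptop
rem using a domain account. Every name below is a placeholder, not a real host.
setlocal

if "%~1"=="" goto usage

rem Per-client settings. Only one domain is used at a time.
if /i "%~1"=="clientA" (
    set "DOMAIN=CLIENTA"
    set "TARGET=\\fileserver-a\projects"
) else if /i "%~1"=="clientB" (
    set "DOMAIN=CLIENTB"
    set "TARGET=\\fileserver-b\shared"
) else (
    goto usage
)
set "DOMUSER=myaccount"

if /i "%~2"=="disconnect" goto disconnect

rem "*" makes net use prompt for the password, so it never sits in this file.
rem /persistent:no stops Windows from remembering the mapping across logons.
net use %TARGET% * /user:%DOMAIN%\%DOMUSER% /persistent:no
if errorlevel 1 (
    echo Connection to %TARGET% failed.
    exit /b 1
)
echo Connected to %TARGET% as %DOMAIN%\%DOMUSER%.
exit /b 0

:disconnect
rem Drop the session before leaving the client site.
net use %TARGET% /delete
exit /b %errorlevel%

:usage
echo Usage: %~nx0 clientA or clientB, optionally followed by disconnect
exit /b 1
```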
 
You could just set up the domain names in your network configuration "DNS" tab, select "Append these DNS suffixes in order", just the domain names below and in order.

1. For all the domains listed, you must have a user and computer account already set up within Active Directory for each domain.

2. DHCP is not a problem as IP reservations are almost always used for servers.

3. The admins will have DNS scavenging set up to remove unused IPs within a specified period.

We have a couple of special accounts set up just for contractors, visitors within our domain as most do. Nothing much to it as your acc membership will determine your level of access on the domains anyway.
 