How to block a non-company laptop from infecting the network |
 |
EXPERT RESPONSE FROM: Roberta Bragg
|
|
|
| > |
QUESTION POSED ON: 03 November 2003
My company has a Win2000 environment with only one domain. Without the IT deptartment's pre-approval, a user brought in his Win2000 home laptop and connected it to the company network. He set it to join a workgroup instead of the domain. This way, he won't need to log on to the domain, but still can map to a few known shared folders. We would like to find a way to block this method to avoid any non-company laptop infecting the network with viruses. Is there a way to disable the 'workgroup' under Win2000?
|
|
| > |
EXPERT RESPONSE
No, you cannot disable workgroup. And, if a user brings in a computer and plugs it in, if his computer is infected with a virus or worm, it may spread itself in many ways -- not just by connecting to a file share. One solution, however, to prevent rogue computers from connecting to a file share, is to write an IP security policy for file servers that requires connections from workstations to negotiate the policy. If you require Kerberos for authentication of the IPSec policy negotiation, no computer that is not a domain member, will be able to successfully negotiate a connection.
|
|
|
|
|
|
|
|
Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and
answer pairs from more than 250 TechTarget industry experts.
|
|
|
|
|
|
|
|
|
|
|
|
