Domain installed, workgroup can access server

  • Thread starter Thread starter JM
  • Start date Start date
J

JM

Please let me know if Server 2003 questions aren't appropriate here. I'll
post my queries elsewhere.

I'm not educated on domains and servers, other than some limited hands-on
experience. The company I work for had a 15-computer workgroup for 2-3
years (all Windows XP). We recently had an IT person install Windows Server
2003 and set up an Active Directory domain. He joined the 8 "more
important" computers to the domain, "ourcompany.local." Those computers now
log on to the domain, while the other computers remain in the "ourcompany"
workgroup.

What concerns me is that on the workgroup computers the user can go to "view
workgroup computers" in My Network Places and see the server/domain
controller there. If the server icon is double-clicked, it prompts for
username and password and allows the user in.

Is this correct?

thank you

jm
 
Yes. There is nothing wrong with this, if the user has the proper
credentials they can log in an use the available resources.

I'm curious as to why you wouldn;t just join all the computers to the
domain. User can then share resources between the entire company and not
have to maintain multiple passwords as you do in a workgroup.

--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Paul Bergson said:
Yes. There is nothing wrong with this, if the user has the proper
credentials they can log in an use the available resources.

I'm curious as to why you wouldn;t just join all the computers to the
domain. User can then share resources between the entire company and not
have to maintain multiple passwords as you do in a workgroup.
Click to expand...

Thank you for your reply.

You raise a good question. The only answer I can provide is that the
non-domain computers are more or less "public use" computers that need
internet access only. The business is a realtor, and we provide several
computers in a designated area for "roaming" or "independent" agents who
have business in the office and need internet access. Also, many of the
company agents come and go all the time with laptops. We thought it best to
make all the management and admin computers part of a secure domain, and
leave these other computers and laptops out of the network.

Is there a better way to do this?

thank you,

jm
 
No that is a good idea if the machines are for public use I wouldn't want
users on a domain machine. I would attempt to isolate them as much as
possible.

--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Hi,

Actually if your company has two sets of users, public and internal, is it
not more secure to segregate them into different zone/ VLANs? That way you
can prevent public user from reaching/ viewing your company's domain servers/
computers.

-Edwyn
 
Back
Top