Remove 1 computer from network?

  • Thread starter Thread starter JohnEsmay
  • Start date Start date
J

JohnEsmay

Our remote payroll service wants me to take the "payroll" computer off the
network. They are concerned with security. Windows XP Pro. Only 3
computers in workgroup now, connected to DSL router. Do not want to do
something uniformed that create other problems.. Help & Thanks
 
JohnEsmay said:
Our remote payroll service wants me to take the "payroll" computer off the
network. They are concerned with security. Windows XP Pro. Only 3
computers in workgroup now, connected to DSL router. Do not want to do
something uniformed that create other problems.. Help & Thanks
Click to expand...

Unplug the ethernet cable and the computer will be off the network. You can
update it as needed manually.

How to download updates and drivers from the Windows Update Catalog or from
the Microsoft Update Catalog:
http://support.microsoft.com/default.aspx?scid=kb;en-us;323166

Malke
 
Instead of removing the computer from the network, I suggest the following:

1) From control panel, go to Security Center and select Windows Firewall by
scrolling down;

2) In the dialogue box, click on "advanced" tab and in that box you will see
a button to reset the firewall to default.
<http://www.geocities.com/xfsgpr/first.png> click on that button to do
exactly that.

3) Now click on "Excptions" tab and remove the cheack marks (tick marks)
from everything including "File and Printer Sharing"
<http://www.geocities.com/xfsgpr/second.png>

4) Now click on General tab and make sure the second item called "Don't
allow exceptions" is checked" <http://www.geocities.com/xfsgpr/third.png>

Click OK and the computer is completely secure as recommended by Microsoft.
You are using Microsoft's OS right? If so it should be secure now!!

This method ensure the computer gets its mothly dosage of MS security
patches and the user can still continue using network resources. HOWEVER,
NOBODY CAN ACCESS ANY RESOURCES IN THAT MACHINE. This is what you want after
all!!

Hope this helps.
 
JohnEsmay said:
Our remote payroll service wants me to take the "payroll" computer off the
network. They are concerned with security. Windows XP Pro. Only 3
computers in workgroup now, connected to DSL router. Do not want to do
something uniformed that create other problems.. Help & Thanks
Click to expand...

The problem with either physically disconnecting the payroll computer
(clearly, the most secure method of removing a computer from a network)
or disallowing exceptions in Windows Firewall is that your remote
payroll service may be locked out as well.

You need a bit more information about what that remote service needs in
terms of access to your payroll computer.

At the very least, make sure that the payroll computer is formatted with
NTFS and set strong passwords for all accounts, including the built-in
Administrator (and *don't* forget to write them down, especially the
Administrator account, and keep that info in a safe, secure place -- not
on a Post-It attached to the monitor).


--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm
 
Hi
You can put an additional Router in front of the payroll computer.
This will allow the payroll computer to access the other computers but would
not be able to Access it.
Here is the principle. Network Segregation -
http://www.ezlan.net/shield.html
Jack (MS, MVP-Networking)
 
Thanks Lem,

We sign onto the Remote Payroll service locally, and then enter the data. A
scan from the remote payroll service detects something it does not like and
crashes the program. Their guess was our small network. We also do remote
backup. "Payroll" may be seeing that program.

Lem, your suggestion for more information is helpful.

Jacks suggestion of another router may help.

Could I accomplish goal by assigning the payroll computer to a differant
workgroup. Would that keep the other computers off the payroll computer but
still let everyone connect to the internet?

Thanks All

John Esmay
 
JohnEsmay said:
Thanks Lem,

We sign onto the Remote Payroll service locally, and then enter the data. A
scan from the remote payroll service detects something it does not like and
crashes the program. Their guess was our small network. We also do remote
backup. "Payroll" may be seeing that program.

Lem, your suggestion for more information is helpful.

Jacks suggestion of another router may help.

Could I accomplish goal by assigning the payroll computer to a differant
workgroup. Would that keep the other computers off the payroll computer but
still let everyone connect to the internet?

Thanks All

John Esmay
Click to expand...

No, a different workgroup wouldn't help. Workgroups are merely a
mechanism used by "Network Neighborhood." One can easily access files
between workgroups unless there is some other mechanism preventing that
access.

Jack's suggestion of a segregated network is an effective way to
accomplish what you want. All computers can access the Internet but the
computers on the two separate networks won't be able to communicate with
each other. Whether that configuration would satisfy the "scan" done by
your remote payroll service is another story. I suggest that you test
your payroll service's "guess" by disconnecting the network cables of
all the *other* computers on your network and see if the scan still crashes.

In terms of Jack's example, you would put your payroll computer on what
Jack calls the "segregated network" with an IP address of 192.168.2.x
and your other 2 computers on the "front network" with IP addresses of
192.168.1.x. Note that although Jack's example shows the "front
network" as wireless and the segregated network as wired, the connection
method is not important. If you don't need wireless capability, neither
router need have wireless capability.

--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm
 
If you use a desktop computer, you might already know that there isn't
any single part called the "computer." A computer is really a system
of many parts working together. The physical parts, which you can see
and touch, are collectively called hardware. (Software, on the other
hand, refers to the instructions, or programs, that tell the hardware
what to do.){{http://farm3.static.flickr.com/
2475/3664426545_651b6397ae.jpg}}
 
Back
Top