Re: Segregate Workgroup PCs from Domain PCs
- From: "Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx>
- Date: Tue, 27 Dec 2005 19:45:55 +0100
Hi Jim,
What I did for some of my customers in such situations is also limit access
to the internet to only computers that were domain joined.
In few of these cases, we used ISA server to authenticate users requesting
access to the internet (e.g. access to website) and we added some additional
policies (e.g. IPSec policies).
--
Mike
Microsoft MVP - Windows Security
"Jim" <hitchcockjr@xxxxxxxxxxx> wrote in message
news:1135634494.167708.110020@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> hmmm....the first option actually looks like a winner. We already move
> accounts out of the computers OU into a <Company Name> Computers OU so
> this extra step of adding a group membership wouldn't be too tough.
>
> To answer your question, the reason we want to do this is to restore
> some order. This company creates hardware for Windows to run on.
> Because of it we have a ton of engineers that image the product with a
> base build of Windows with Office and are fine just running that off
> the network using their domain username/password. Because of that we
> have a ton of devices with no antirvirus, licensing issues, etc. If we
> lock them out of the network it will encourage the employee to request
> official employee images from IT.
>
.
- References:
- Segregate Workgroup PCs from Domain PCs
- From: Jim
- Re: Segregate Workgroup PCs from Domain PCs
- From: Miha Pihler [MVP]
- Re: Segregate Workgroup PCs from Domain PCs
- From: Jim
- Segregate Workgroup PCs from Domain PCs
- Prev by Date: Re: Logon script running to late
- Next by Date: Re: can't browse workgroup on Windows Server with XP Home
- Previous by thread: Re: Segregate Workgroup PCs from Domain PCs
- Next by thread: Bypassing proxy
- Index(es):
