Domain installed, workgroup can access server

J

JM

Please let me know if Server 2003 questions aren't appropriate here. I'll
post my queries elsewhere.

I'm not educated on domains and servers, other than some limited hands-on
experience. The company I work for had a 15-computer workgroup for 2-3
years (all Windows XP). We recently had an IT person install Windows Server
2003 and set up an Active Directory domain. He joined the 8 "more
important" computers to the domain, "ourcompany.local." Those computers now
log on to the domain, while the other computers remain in the "ourcompany"
workgroup.

What concerns me is that on the workgroup computers the user can go to "view
workgroup computers" in My Network Places and see the server/domain
controller there. If the server icon is double-clicked, it prompts for
username and password and allows the user in.

Is this correct?

thank you

jm
 
P

Paul Bergson

Yes. There is nothing wrong with this, if the user has the proper
credentials they can log in an use the available resources.

I'm curious as to why you wouldn;t just join all the computers to the
domain. User can then share resources between the entire company and not
have to maintain multiple passwords as you do in a workgroup.

--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup

This posting is provided "AS IS" with no warranties, and confers no rights.
 
J

JM

Paul Bergson said:
Yes. There is nothing wrong with this, if the user has the proper
credentials they can log in an use the available resources.

I'm curious as to why you wouldn;t just join all the computers to the
domain. User can then share resources between the entire company and not
have to maintain multiple passwords as you do in a workgroup.
Click to expand...

Thank you for your reply.

You raise a good question. The only answer I can provide is that the
non-domain computers are more or less "public use" computers that need
internet access only. The business is a realtor, and we provide several
computers in a designated area for "roaming" or "independent" agents who
have business in the office and need internet access. Also, many of the
company agents come and go all the time with laptops. We thought it best to
make all the management and admin computers part of a secure domain, and
leave these other computers and laptops out of the network.

Is there a better way to do this?

thank you,

jm
 
P

Paul Bergson

No that is a good idea if the machines are for public use I wouldn't want
users on a domain machine. I would attempt to isolate them as much as
possible.

--
Paul Bergson MCT, MCSE, MCSA, Security+, CNE, CNA, CCA
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup

This posting is provided "AS IS" with no warranties, and confers no rights.
 
G

Guest

Hi,

Actually if your company has two sets of users, public and internal, is it
not more secure to segregate them into different zone/ VLANs? That way you
can prevent public user from reaching/ viewing your company's domain servers/
computers.

-Edwyn
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Benefit of domain vs workgroup 1
Demote Windows Server 2000 Domain Controller 11
Using a Workgroup and a Domain on 2000 Server 1
Rights - 2003 Server in Windows NT4 Domain 4
Rejoing DC after server crash 2
Unable to Join to a domain 1
*****Join computer to domain from different network (can not use by domain.com, but 'domain' only) 4
Win2003 domain and clients 4

Top