Ask the Expert

How to block a non-company laptop from infecting the network

My company has a Win2000 environment with only one domain. Without the IT deptartment's pre-approval, a user brought in his Win2000 home laptop and connected it to the company network. He set it to join a workgroup instead of the domain. This way, he won't need to log on to the domain, but still can map to a few known shared folders. We would like to find a way to block this method to avoid any non-company laptop infecting the network with viruses. Is there a way to disable the 'workgroup' under Win2000?
No, you cannot disable workgroup. And, if a user brings in a computer and plugs it in, if his computer is infected with a virus or worm, it may spread itself in many ways -- not just by connecting to a file share. One solution, however, to prevent rogue computers from connecting to a file share, is to write an IP security policy for file servers that requires connections from workstations to negotiate the policy. If you require Kerberos for authentication of the IPSec policy negotiation, no computer that is not a domain member, will be able to successfully negotiate a connection.

This was first published in November 2003

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: