By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
My company has a Win2000 environment with only one domain. Without the IT deptartment's pre-approval, a user brought in his Win2000 home laptop and connected it to the company network. He set it to join a workgroup instead of the domain. This way, he won't need to log on to the domain, but still can map to a few known shared folders. We would like to find a way to block this method to avoid any non-company laptop infecting the network with viruses. Is there a way to disable the 'workgroup' under Win2000?
No, you cannot disable workgroup. And, if a user brings in a computer and plugs it in, if his computer is infected with a virus or worm, it may spread itself in many ways -- not just by connecting to a file share. One solution, however, to prevent rogue computers from connecting to a file share, is to write an IP security policy for file servers that requires connections from workstations to negotiate the policy. If you require Kerberos for authentication of the IPSec policy negotiation, no computer that is not a domain member, will be able to successfully negotiate a connection.