Problem solve Get help with specific problems with your technologies, process and projects.

How to block a non-company laptop from infecting the network

My company has a Win2000 environment with only one domain. Without the IT deptartment's pre-approval, a user brought in his Win2000 home laptop and connected it to the company network. He set it to join a workgroup instead of the domain. This way, he won't need to log on to the domain, but still can map to a few known shared folders. We would like to find a way to block this method to avoid any non-company laptop infecting the network with viruses. Is there a way to disable the 'workgroup' under Win2000?
No, you cannot disable workgroup. And, if a user brings in a computer and plugs it in, if his computer is infected with a virus or worm, it may spread itself in many ways -- not just by connecting to a file share. One solution, however, to prevent rogue computers from connecting to a file share, is to write an IP security policy for file servers that requires connections from workstations to negotiate the policy. If you require Kerberos for authentication of the IPSec policy negotiation, no computer that is not a domain member, will be able to successfully negotiate a connection.

Dig Deeper on Unified endpoint management

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.