Unmanaged desktops
Is it possible for a company to have desktops that aren't joined to a domain? If so, does this pose a risk, i.e. in terms of management?
Are there genuine reasons why desktops wouldn't be joined to a domain, and any mitigating controls that can be put in place for devices that aren't joined to the domain?
June 2nd, 2011 8:49am
Is it possible for a company to have desktops that aren't joined to a domain? If so, does this pose a risk, i.e. in terms of management?
If you cannot manage/monitor, how will you ensure the machines are not doing bad things to your network?
If you are using a corporate solution for anti-virus, how will the rogue systems play into that?
Are there genuine reasons why desktops wouldn't be joined to a domain, and any mitigating controls that can be put in place for devices that aren't joined to the domain?
I cannot think of a single good reason to hook up non-domain units to a network. From a security standpoint at least. You need a temp access? Set up a GoToMyPC type session under your control.
Mitigation?
#1 Mitigation would be to turn them off and disconnect them from the network.
#2 Another mitigation is to set up a managed switch that allows communication between domain computers on their own virtual LAN and non-domain computers on their own virtual LAN.
June 2nd, 2011 1:01pm
Hello,
Of course this is possible. We have thin clients that are not joined to the domain, as no user is logging on to them; these are dumb devices that just run from a disk or hardened flash drive, for example. Users connect this way to terminal servers, where the normal domain way is working with all required security.
"Normal" machines always join the domain, as you are not able to control them if other people are admin on them. They can run whatever software to either scan your network or also try to hack it.
You can use network access protection and manageable switches or DHCP servers with prepared settings:
http://blogs.technet.com/b/teamdhcp/archive/2007/10/03/dhcp-server-callout-dll-for-mac-address-based-filtering.aspx
http://technet.microsoft.com/en-us/network/bb545879
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
June 3rd, 2011 4:46pm
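The replies above suggest MAC-address-based filtering at the DHCP server and separate VLANs for domain and non-domain computers. The following is an added example, not code from any poster or from the linked Microsoft pages, showing the inventory check behind such a filter: DHCP leases are compared against an allow-list of managed desktops. The lease records, MAC addresses, hostnames and function names are all constructed for illustration.

```python
import re

# Constructed sample data: MACs of domain-joined (managed) desktops, as an
# asset inventory might export them, in mixed notations.
MANAGED_MACS = ["00-1A-2B-3C-4D-5E", "00:1a:2b:3c:4d:5f", "001a.2b3c.4d60"]

# Constructed DHCP lease records: (ip, mac, hostname).
LEASES = [
    ("10.0.0.21", "00:1A:2B:3C:4D:5E", "DESK-021"),
    ("10.0.0.22", "001A2B3C4D5F", "DESK-022"),
    ("10.0.0.57", "de:ad:be:ef:00:01", "unknown-laptop"),
    ("10.0.0.58", "not-a-mac", ""),
]

def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def classify_leases(leases, managed_macs):
    """Split leases into managed / unmanaged / malformed by MAC allow-list."""
    allow = {normalize_mac(m) for m in managed_macs} - {None}
    result = {"managed": [], "unmanaged": [], "malformed": []}
    for ip, mac, host in leases:
        norm = normalize_mac(mac)
        if norm is None:
            # Keep the raw value so the bad record can be investigated.
            result["malformed"].append((ip, mac, host))
        elif norm in allow:
            result["managed"].append((ip, norm, host))
        else:
            result["unmanaged"].append((ip, norm, host))
    return result

if __name__ == "__main__":
    report = classify_leases(LEASES, MANAGED_MACS)
    for ip, mac, host in report["unmanaged"]:
        print(f"unmanaged: {ip} {mac} {host or '-'} -> move to non-domain VLAN")
    for ip, mac, host in report["malformed"]:
        print(f"malformed lease entry: {ip} {mac!r}")
```

A MAC address can be changed by whoever administers the device, so this check works as an inventory aid for finding unmanaged machines and does not authenticate them.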