My new company gave me a nice laptop to use, but they have set it up to discourage me from logging out of their NT domain. This means I can not easily change its settings to log into my home network, which uses a fairly insecure workgroup logon.
The laptop runs Windows XP Professional, plus some IBM and company-specific software.
Question:]
Does XP provide any way around this? I have a desktop, printer, and network attached storage on my home network that I would really like to use with my laptop, but with the laptop on its domain and my home network on a different workgroup, neither one can see the other.
I want to add that I support the company’s efforts to make my laptop secure, so I would much rather have a way to add functionality to the laptop rather than change it somehow. Also, my company’s IT people seem to think that I shouldn’t muck with it at all, and just live with the situation.
>I can not easily change its settings to log into my home network
You mean, you can’t change your workgroup name to match your home network name, and adopt whatever IP address setting mechanism and range you use at home (e.g. DHCP or 192-168-0-1 to 100)?
Are you even allowed to mess with it? I mean, did you agree not to do that with their notebook? What are they afraid of? What can you cost them if something goes wrong?
Not to stick my opinion where it doesn’t belong, but - if you can’t figure out how to get around their fence, should they trust you with the security of your own fence?
If I remember correctly, an NT/2K/XP machine can either be in a domain or a workgroup, but not both at the same time. So, you won’t be able to leave the domain without administrator access to the laptop, and you won’t be able to re-join the domain at work without assistance from your company network administrator. This last part here should discourage you. Assuming you do manage to leave the domain, the admins at work aren’t going to like having to continually rejoin the laptop to the domain whenever you bring the laptop in.
I also don’t know what you mean by “can’t see each other.” Do you mean having the computers show up in My Network Places? If the laptop is getting an IP from your home network, you should be able to directly connect to the server by typing “\<server IP here>” into the address bar and configure a printer by using the Add Printer wizard and specifying the print server’s IP address and queue.
This was my first assessment although one option popped into my head. Would a virtual machine be able to work around group policy. IF so he might be able to run another XP insance in a VM and configure it as he pleases since I should not interfere with his current install.
But adding “functionality” runs the risk of making it less secure, which is presumably why your IT folks don’t want you mucking with it. If the company has given you its laptop solely to do your work from home, you’re apt to make The Powers That Be rather cranky if you do anything to it that they perceive puts holes in their security.
Take the hint… your IT guys have put the security on there for a reason, and it’s best not to mess with it (even if you are pretty such it won’t break anything).
If you do go ahead you need to be REALLY careful that you don’t break your employment t&cs - it’s grounds for instant dismissal in many places.
There are ways around the locked group policy, but it can be hard to change it back, and you’ll end up sheepishly taking it back to IT to get it re-set (this will not make you popular*!!).
It’s genuinely not worth the risk IMO - I know people who have been “escorted from the office” for breaking PC security rules. If it’s the printer you need, just get a memory stick and print in batches… it’ll save you a headache in the long term.
*I speak from experience - it needed several minutes of abject grovelling from me to prevent our IT techs from raising an official “breach” report to my line manager.
I had the same situation, and was able to leave the domain, but not get back into at when I returned to the office. The sysadmin set it back for me but they were kind of pissed that I messed with it.
I didn’t try to use IP addresses but you can’t see the other machines or printer on the network with My Network Places, or Add Printer. It might work if you use IP addresses, I don’t know.
Well if you wanted to get real snazzy you could image the drive, reload XP, load VM, image the original machine into the VM. Dunno if that would mess with his domain connections and such but it would be an image restore away from putting it all back.
warning this is more an academic excercise, do not do this with your work machine unless you have LOTS of time to fiddle and know exactly what you are doing. If for some reason your IT people asked to look at your machine they would probably shit a Buckingham Palace worth of cinderblocks. I would try it myself but I run a PC repair service and do LOTS of drive imaging and OS reloading on a daily basis.
Long and short of it is, its not your computer, treat it like you would a computer belonging to a friend while you are visiting him/her. If you want to play, get your own.
I do outsourced support contracts for a few offices I have users there locked out much like you are mentioning just to keep them from loading chat programs and such.