Domain laptop accessing home workgroup -- IMPOSSIBLE

Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

After much online research, I've concluded that my laptop
cannot access my home network, because the laptop is a
member of my domain at work, and my home network is
configured as a workgroup.

The article that finally convinced me to stop looking was
this:

www.microsoft.com/hardware/broadbandnetworking/10_concept_
switch_workgroups_domains.mspx

My reason for posting is not to seek a solution (since
there is none), but to ask a question: Why isn't this
possible? It simply doesn't make sense to me that a
computer that belongs to a secure network cannot access a
network that is LESS secure.

I just want a succint, rational explanation for this
problem. Any contribution would be appreciated. Thanks.
6 answers Last reply
More about domain laptop accessing home workgroup impossible
  1. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    The article you cite gives the exact steps to do what you say cannot be
    done, Ken. I'm guess you're running Windows XP Pro, and not an older
    operating system, but if you don't want to follow those steps, there are
    some programs out there like Netswitcher which will allow different
    profiles. Since your situation apparently is not an issue with Microsoft's
    Broadband Networking hardware and software, I'd suggest you take a look
    around the public networking newsgroups or sites like
    www.practicallynetworked.com .
    --
    Chris H.
    Microsoft Windows MVP/Tablet PC
    Tablet Creations - http://nicecreations.us/
    Associate Expert
    Expert Zone - www.microsoft.com/windowsxp/expertzone


    "Ken" <anonymous@discussions.microsoft.com> wrote in message
    news:0a1d01c4f059$b7a95520$a301280a@phx.gbl...
    > After much online research, I've concluded that my laptop
    > cannot access my home network, because the laptop is a
    > member of my domain at work, and my home network is
    > configured as a workgroup.
    >
    > The article that finally convinced me to stop looking was
    > this:
    >
    > www.microsoft.com/hardware/broadbandnetworking/10_concept_
    > switch_workgroups_domains.mspx
    >
    > My reason for posting is not to seek a solution (since
    > there is none), but to ask a question: Why isn't this
    > possible? It simply doesn't make sense to me that a
    > computer that belongs to a secure network cannot access a
    > network that is LESS secure.
    >
    > I just want a succint, rational explanation for this
    > problem. Any contribution would be appreciated. Thanks.
  2. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    You're joking, right?

    "It simply doesn't make sense to me that a computer that belongs to a secure
    network cannot access a network that is LESS secure."

    This doesn't make sense in any way, shape or form. The very reason why you
    cannot access an "insecure" network with a domain box is for just that..
    security. It's to prevent people like you for hooking up a company-owned
    laptop to a possible virus-infested (or otherwise insecure) home network.
    How would a company feel if someone took their machine home and connected it
    to their home network, only to find out that company trade secrets were
    stolen because of a misconfigured router or no firewall in place?

    Also, every machine connected to a domain has a security ID (called a "SID")
    which is a long string of numbers and letters. This is to keep someone from
    bringing a laptop in to the office with the same machine name of the bosses'
    laptop and getting access to things they shouldn't. By going from a domain
    to a workgroup, you destroy your association with the domain. So when you
    go back to work on Monday and rejoin the domain, you are going to find that
    your domain user account's SID has been replaced on your local machine and
    all of your documents and settings will be "lost". Sort of. So you have to
    call the IT guys so that they can fix the laptop that you screwed up.
    Having fixed this sort of problem more times than I care to admit, let me
    say that it gets old. Very old. By locking the laptop down, not only is
    your laptop more secure, the company doesn't have to pay IT guys to fix
    problems that their employees created by trying to connect their laptops
    (that the company owns) to a home network.

    In short, by asking such a stupid question then asking for a "succint,
    rational explanation" for designed behavior, you are absolutely showing us
    that you're missing the point entirely.


    "Ken" <anonymous@discussions.microsoft.com> wrote in message
    news:0a1d01c4f059$b7a95520$a301280a@phx.gbl...
    > After much online research, I've concluded that my laptop
    > cannot access my home network, because the laptop is a
    > member of my domain at work, and my home network is
    > configured as a workgroup.
    >
    > The article that finally convinced me to stop looking was
    > this:
    >
    > www.microsoft.com/hardware/broadbandnetworking/10_concept_
    > switch_workgroups_domains.mspx
    >
    > My reason for posting is not to seek a solution (since
    > there is none), but to ask a question: Why isn't this
    > possible? It simply doesn't make sense to me that a
    > computer that belongs to a secure network cannot access a
    > network that is LESS secure.
    >
    > I just want a succint, rational explanation for this
    > problem. Any contribution would be appreciated. Thanks.
  3. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    There also can be safeguards in place, especially if the machine is a
    corporate computer which the IT department is protecting from outside
    infection by preventing switching between domain and workgroup
    configurations.
    --
    Chris H.
    Microsoft Windows MVP/Tablet PC
    Tablet Creations - http://nicecreations.us/
    Associate Expert
    Expert Zone - www.microsoft.com/windowsxp/expertzone


    "Jim Cofer" <lvbfan@yahoo.com> wrote in message
    news:%235GwSoG8EHA.3376@TK2MSFTNGP12.phx.gbl...
    > You're joking, right?
    >
    > "It simply doesn't make sense to me that a computer that belongs to a
    > secure network cannot access a network that is LESS secure."
    >
    > This doesn't make sense in any way, shape or form. The very reason why
    > you cannot access an "insecure" network with a domain box is for just
    > that.. security. It's to prevent people like you for hooking up a
    > company-owned laptop to a possible virus-infested (or otherwise insecure)
    > home network. How would a company feel if someone took their machine home
    > and connected it to their home network, only to find out that company
    > trade secrets were stolen because of a misconfigured router or no firewall
    > in place?
    >
    > Also, every machine connected to a domain has a security ID (called a
    > "SID") which is a long string of numbers and letters. This is to keep
    > someone from bringing a laptop in to the office with the same machine name
    > of the bosses' laptop and getting access to things they shouldn't. By
    > going from a domain to a workgroup, you destroy your association with the
    > domain. So when you go back to work on Monday and rejoin the domain, you
    > are going to find that your domain user account's SID has been replaced on
    > your local machine and all of your documents and settings will be "lost".
    > Sort of. So you have to call the IT guys so that they can fix the laptop
    > that you screwed up. Having fixed this sort of problem more times than I
    > care to admit, let me say that it gets old. Very old. By locking the
    > laptop down, not only is your laptop more secure, the company doesn't have
    > to pay IT guys to fix problems that their employees created by trying to
    > connect their laptops (that the company owns) to a home network.
    >
    > In short, by asking such a stupid question then asking for a "succint,
    > rational explanation" for designed behavior, you are absolutely showing us
    > that you're missing the point entirely.
    >
    >
    >
    > "Ken" <anonymous@discussions.microsoft.com> wrote in message
    > news:0a1d01c4f059$b7a95520$a301280a@phx.gbl...
    >> After much online research, I've concluded that my laptop
    >> cannot access my home network, because the laptop is a
    >> member of my domain at work, and my home network is
    >> configured as a workgroup.
    >>
    >> The article that finally convinced me to stop looking was
    >> this:
    >>
    >> www.microsoft.com/hardware/broadbandnetworking/10_concept_
    >> switch_workgroups_domains.mspx
    >>
    >> My reason for posting is not to seek a solution (since
    >> there is none), but to ask a question: Why isn't this
    >> possible? It simply doesn't make sense to me that a
    >> computer that belongs to a secure network cannot access a
    >> network that is LESS secure.
    >>
    >> I just want a succint, rational explanation for this
    >> problem. Any contribution would be appreciated. Thanks.
    >
    >
  4. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    Chris, I thank you for your reasoned response to my petulant whining (written
    in the heat of frustration).

    "Chris H." wrote:

    > There also can be safeguards in place, especially if the machine is a
    > corporate computer which the IT department is protecting from outside
    > infection by preventing switching between domain and workgroup
    > configurations.
    > --
    > Chris H.
    > Microsoft Windows MVP/Tablet PC
    > Tablet Creations - http://nicecreations.us/
    > Associate Expert
    > Expert Zone - www.microsoft.com/windowsxp/expertzone
    >
    >
    > "Jim Cofer" <lvbfan@yahoo.com> wrote in message
    > news:%235GwSoG8EHA.3376@TK2MSFTNGP12.phx.gbl...
    > > You're joking, right?
    > >
    > > "It simply doesn't make sense to me that a computer that belongs to a
    > > secure network cannot access a network that is LESS secure."
    > >
    > > This doesn't make sense in any way, shape or form. The very reason why
    > > you cannot access an "insecure" network with a domain box is for just
    > > that.. security. It's to prevent people like you for hooking up a
    > > company-owned laptop to a possible virus-infested (or otherwise insecure)
    > > home network. How would a company feel if someone took their machine home
    > > and connected it to their home network, only to find out that company
    > > trade secrets were stolen because of a misconfigured router or no firewall
    > > in place?
    > >
    > > Also, every machine connected to a domain has a security ID (called a
    > > "SID") which is a long string of numbers and letters. This is to keep
    > > someone from bringing a laptop in to the office with the same machine name
    > > of the bosses' laptop and getting access to things they shouldn't. By
    > > going from a domain to a workgroup, you destroy your association with the
    > > domain. So when you go back to work on Monday and rejoin the domain, you
    > > are going to find that your domain user account's SID has been replaced on
    > > your local machine and all of your documents and settings will be "lost".
    > > Sort of. So you have to call the IT guys so that they can fix the laptop
    > > that you screwed up. Having fixed this sort of problem more times than I
    > > care to admit, let me say that it gets old. Very old. By locking the
    > > laptop down, not only is your laptop more secure, the company doesn't have
    > > to pay IT guys to fix problems that their employees created by trying to
    > > connect their laptops (that the company owns) to a home network.
    > >
    > > In short, by asking such a stupid question then asking for a "succint,
    > > rational explanation" for designed behavior, you are absolutely showing us
    > > that you're missing the point entirely.
    > >
    > >
    > >
    > > "Ken" <anonymous@discussions.microsoft.com> wrote in message
    > > news:0a1d01c4f059$b7a95520$a301280a@phx.gbl...
    > >> After much online research, I've concluded that my laptop
    > >> cannot access my home network, because the laptop is a
    > >> member of my domain at work, and my home network is
    > >> configured as a workgroup.
    > >>
    > >> The article that finally convinced me to stop looking was
    > >> this:
    > >>
    > >> www.microsoft.com/hardware/broadbandnetworking/10_concept_
    > >> switch_workgroups_domains.mspx
    > >>
    > >> My reason for posting is not to seek a solution (since
    > >> there is none), but to ask a question: Why isn't this
    > >> possible? It simply doesn't make sense to me that a
    > >> computer that belongs to a secure network cannot access a
    > >> network that is LESS secure.
    > >>
    > >> I just want a succint, rational explanation for this
    > >> problem. Any contribution would be appreciated. Thanks.
    > >
    > >
    >
    >
    >
  5. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    No problem, Ken. 8-) Happy New Year!
    --
    Chris H.
    Microsoft Windows MVP/Tablet PC
    Tablet Creations - http://nicecreations.us/
    Associate Expert
    Expert Zone - www.microsoft.com/windowsxp/expertzone


    "Ken" <Ken@discussions.microsoft.com> wrote in message
    news:D5B0984A-FE10-4F88-AFB4-DA008767D057@microsoft.com...
    > Chris, I thank you for your reasoned response to my petulant whining
    > (written
    > in the heat of frustration).
    >
    > "Chris H." wrote:
    >
    >> There also can be safeguards in place, especially if the machine is a
    >> corporate computer which the IT department is protecting from outside
    >> infection by preventing switching between domain and workgroup
    >> configurations.
    >> --
    >> Chris H.
    >> Microsoft Windows MVP/Tablet PC
    >> Tablet Creations - http://nicecreations.us/
    >> Associate Expert
    >> Expert Zone - www.microsoft.com/windowsxp/expertzone
    >>
    >>
    >> "Jim Cofer" <lvbfan@yahoo.com> wrote in message
    >> news:%235GwSoG8EHA.3376@TK2MSFTNGP12.phx.gbl...
    >> > You're joking, right?
    >> >
    >> > "It simply doesn't make sense to me that a computer that belongs to a
    >> > secure network cannot access a network that is LESS secure."
    >> >
    >> > This doesn't make sense in any way, shape or form. The very reason why
    >> > you cannot access an "insecure" network with a domain box is for just
    >> > that.. security. It's to prevent people like you for hooking up a
    >> > company-owned laptop to a possible virus-infested (or otherwise
    >> > insecure)
    >> > home network. How would a company feel if someone took their machine
    >> > home
    >> > and connected it to their home network, only to find out that company
    >> > trade secrets were stolen because of a misconfigured router or no
    >> > firewall
    >> > in place?
    >> >
    >> > Also, every machine connected to a domain has a security ID (called a
    >> > "SID") which is a long string of numbers and letters. This is to keep
    >> > someone from bringing a laptop in to the office with the same machine
    >> > name
    >> > of the bosses' laptop and getting access to things they shouldn't. By
    >> > going from a domain to a workgroup, you destroy your association with
    >> > the
    >> > domain. So when you go back to work on Monday and rejoin the domain,
    >> > you
    >> > are going to find that your domain user account's SID has been replaced
    >> > on
    >> > your local machine and all of your documents and settings will be
    >> > "lost".
    >> > Sort of. So you have to call the IT guys so that they can fix the
    >> > laptop
    >> > that you screwed up. Having fixed this sort of problem more times than
    >> > I
    >> > care to admit, let me say that it gets old. Very old. By locking the
    >> > laptop down, not only is your laptop more secure, the company doesn't
    >> > have
    >> > to pay IT guys to fix problems that their employees created by trying
    >> > to
    >> > connect their laptops (that the company owns) to a home network.
    >> >
    >> > In short, by asking such a stupid question then asking for a "succint,
    >> > rational explanation" for designed behavior, you are absolutely showing
    >> > us
    >> > that you're missing the point entirely.
    >> >
    >> >
    >> >
    >> > "Ken" <anonymous@discussions.microsoft.com> wrote in message
    >> > news:0a1d01c4f059$b7a95520$a301280a@phx.gbl...
    >> >> After much online research, I've concluded that my laptop
    >> >> cannot access my home network, because the laptop is a
    >> >> member of my domain at work, and my home network is
    >> >> configured as a workgroup.
    >> >>
    >> >> The article that finally convinced me to stop looking was
    >> >> this:
    >> >>
    >> >> www.microsoft.com/hardware/broadbandnetworking/10_concept_
    >> >> switch_workgroups_domains.mspx
    >> >>
    >> >> My reason for posting is not to seek a solution (since
    >> >> there is none), but to ask a question: Why isn't this
    >> >> possible? It simply doesn't make sense to me that a
    >> >> computer that belongs to a secure network cannot access a
    >> >> network that is LESS secure.
    >> >>
    >> >> I just want a succint, rational explanation for this
    >> >> problem. Any contribution would be appreciated. Thanks.
    >> >
    >> >
    >>
    >>
    >>
  6. Archived from groups: microsoft.public.broadbandnet.hardware (More info?)

    So then how does the sysytem allow a company computer to
    access T-Mobile or the LAN in Copehnhagen's airport?
    >-----Original Message-----
    >You're joking, right?
    >
    >"It simply doesn't make sense to me that a computer that
    belongs to a secure
    >network cannot access a network that is LESS secure."
    >
    >This doesn't make sense in any way, shape or form. The
    very reason why you
    >cannot access an "insecure" network with a domain box is
    for just that..
    >security. It's to prevent people like you for hooking up
    a company-owned
    >laptop to a possible virus-infested (or otherwise
    insecure) home network.
    >How would a company feel if someone took their machine
    home and connected it
    >to their home network, only to find out that company
    trade secrets were
    >stolen because of a misconfigured router or no firewall
    in place?
    >
    >Also, every machine connected to a domain has a security
    ID (called a "SID")
    >which is a long string of numbers and letters. This is
    to keep someone from
    >bringing a laptop in to the office with the same machine
    name of the bosses'
    >laptop and getting access to things they shouldn't. By
    going from a domain
    >to a workgroup, you destroy your association with the
    domain. So when you
    >go back to work on Monday and rejoin the domain, you are
    going to find that
    >your domain user account's SID has been replaced on your
    local machine and
    >all of your documents and settings will be "lost". Sort
    of. So you have to
    >call the IT guys so that they can fix the laptop that you
    screwed up.
    >Having fixed this sort of problem more times than I care
    to admit, let me
    >say that it gets old. Very old. By locking the laptop
    down, not only is
    >your laptop more secure, the company doesn't have to pay
    IT guys to fix
    >problems that their employees created by trying to
    connect their laptops
    >(that the company owns) to a home network.
    >
    >In short, by asking such a stupid question then asking
    for a "succint,
    >rational explanation" for designed behavior, you are
    absolutely showing us
    >that you're missing the point entirely.
    >
    >
    >
    >"Ken" <anonymous@discussions.microsoft.com> wrote in
    message
    >news:0a1d01c4f059$b7a95520$a301280a@phx.gbl...
    >> After much online research, I've concluded that my
    laptop
    >> cannot access my home network, because the laptop is a
    >> member of my domain at work, and my home network is
    >> configured as a workgroup.
    >>
    >> The article that finally convinced me to stop looking
    was
    >> this:
    >>
    >>
    www.microsoft.com/hardware/broadbandnetworking/10_concept_
    >> switch_workgroups_domains.mspx
    >>
    >> My reason for posting is not to seek a solution (since
    >> there is none), but to ask a question: Why isn't this
    >> possible? It simply doesn't make sense to me that a
    >> computer that belongs to a secure network cannot access
    a
    >> network that is LESS secure.
    >>
    >> I just want a succint, rational explanation for this
    >> problem. Any contribution would be appreciated. Thanks.
    >
    >
    >.
    >
Ask a new question

Read More

Routers Laptops Domain Microsoft Networking