
Unwanted Domain Controller

Status
Not open for further replies.

DMWCSD

IS-IT--Management
May 4, 2004
Hello, I work for a school district. We run Windows 2003 servers. I have an outside company that occupies one of my computer labs. In the past they have been their own environment completely. They have their own Windows 2003 server with Active Directory and DHCP and the whole 9 yards running their own little self-contained network.

Now the problem is that they are complaining that they want internet access. My boss has already tried simply plugging the switch in their room into our network to see if it worked. I tried to emphasize that we do not want this domain controller plugged into our network, because it could cause problems with our network.

Is there any way that I can give this particular lab internet access only and not have them participate in the rest of our network? I have Cisco layer 3 switches, would it work if I were to allow http on the port they plug into and deny everything else?

I appreciate any help or suggestions. Thanks everyone.
 
Since you have 2 domains and 2 forests that aren't connected by trust, you can get an Internet router. Put them both on the same subnet and connect them.

Maybe?


Patrik

 
Buy a firewall that has multiple internal interfaces/zones. Put the Internet connection on the external interface. Put your network on one internal interface, and their network on another internal interface. Allow both interfaces access to the Internet, but don't let them talk to each other.

Just make sure that you get a real firewall instead of a SOHO "broadband router." Also, avoid entry level/remote office firewalls that have a single internal zone that is run through a switch (like the PIX 501). You want multiple security zones.

If you can't afford a new firewall, take a PC, put three NICs in it and put Smoothwall on it.
 
If their lab is totally independent from yours, just put it on a VLAN on your switch and route that VLAN to the Internet only, nowhere else.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
 
If their network is named something different than your domain, then DHCP is likely going to be the only culprit to immediately cause a problem should the two networks be combined. But I'm with Davetoo and kmcferrin - VLANs or firewall configs should make this a non-issue.

Pat Richard
Microsoft Exchange MVP
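
The VLAN approach suggested in the replies above, sketched as Cisco IOS configuration for a layer 3 switch. This is an added example, not part of any poster's reply; the VLAN number, interface name, ACL names and every address are constructed assumptions (district space is assumed to sit inside the RFC 1918 ranges, the lab on 192.168.50.0/24).

```cisco
! Constructed example: VLAN 50, Fa0/24, the ACL names and all addresses are assumptions.
! Assumes "ip routing" and a default route toward the Internet edge already exist,
! and that the edge device NATs 192.168.50.0/24.
vlan 50
 name LAB-ISOLATED
!
! Lab -> elsewhere: the lab may ping its own gateway and reach public addresses only.
ip access-list extended LAB-TO-INTERNET
 permit icmp 192.168.50.0 0.0.0.255 host 192.168.50.1
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip 192.168.50.0 0.0.0.255 any
 deny   ip any any log
!
! Elsewhere -> lab: drop anything sourced from district (private) address space.
ip access-list extended INTERNET-TO-LAB
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 permit ip any 192.168.50.0 0.0.0.255
 deny   ip any any log
!
! Routed gateway for the lab. "in" filters packets arriving from the lab,
! "out" filters packets the switch is about to forward into the lab.
interface Vlan50
 description Gateway for the outside company's lab
 ip address 192.168.50.1 255.255.255.0
 ip access-group LAB-TO-INTERNET in
 ip access-group INTERNET-TO-LAB out
 no ip redirects
 no ip proxy-arp
!
! The only port in VLAN 50: the cable to the lab's switch. As an access port it
! carries no district VLANs, so the lab server's DHCP and domain broadcasts
! stay inside VLAN 50.
interface FastEthernet0/24
 description Uplink to lab switch
 switchport mode access
 switchport access vlan 50
```

The lab's own server keeps handing out DHCP leases inside VLAN 50 and has to give 192.168.50.1 as the default gateway. If the permit line is narrowed to specific ports such as HTTP, DNS has to be permitted as well or name resolution for web browsing fails.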
 