We have to do both. We have to control our environment and find a way to make BYOT work and be safe. Much as you did in your last paragraph.
My original point was poorly written on my part, I do not ALLOW people to join their computers to our domain. We isolate them. I was just raising the point that if you do something like NAC to control it's access until it meets specs it can work and might not be all bad. I have more control if it has my NAC agent, my SCCM agent and my rules applied to it. I was only pointing out it might be less of a threat than a non-joined computer. ________________________________________ From: Kurt Buff [kurt.b...@gmail.com] Sent: Wednesday, June 20, 2012 6:19 PM To: NT System Admin Issues Subject: Re: How many in your company can join systems to domain Yes, we can stop it, and should stop it. If you don't control your environment, you can't control your destiny. I do like the approach that Good and a couple of other vendors have taken - they are device-agnostic, and strive to set a perimeter around corporate info, keeping it separate from personal info. Definitely the way to go, IMHO. Kurt On Wed, Jun 20, 2012 at 1:08 PM, Kennedy, Jim <kennedy...@elyriaschools.org> wrote: > Get used to it. BYOT is coming, we won't be able to stop it. Not sure we > should. > > -----Original Message----- > From: David Lum [mailto:david....@nwea.org] > Sent: Wednesday, June 20, 2012 4:03 PM > To: NT System Admin Issues > Subject: RE: How many in your company can join systems to domain > > Kind of makes it hard to use a GPO then, doesn't it? > > -----Original Message----- > From: Rankin, James R [mailto:kz2...@googlemail.com] > Sent: Wednesday, June 20, 2012 12:10 PM > To: NT System Admin Issues > Subject: Re: How many in your company can join systems to domain > > Wasn't there a good piece posted a while back (maybe from Brian Madden) about > how having domain-joined computers is no longer strictly necessary? > > ---Blackberried > > -----Original Message----- > From: "Kennedy, Jim" <kennedy...@elyriaschools.org> > Date: Wed, 20 Jun 2012 17:31:42 > To: NT System Admin Issues<ntsysadmin@lyris.sunbelt-software.com> > Reply-To: "NT System Admin Issues" > <ntsysadmin@lyris.sunbelt-software.com>Subject: RE: How many in your company > can join systems to domain > > I have thought about this before...so I am going to toss it out there and see > how it gets swatted down. > > If a staff member brings in a home laptop and joins it to the domain is it > more of a threat or less of a threat than not being in the domain and just > plugged into the network. I ask because here after they reboot they will get > all the patches, up to date AV software and no-one except IT Staff will be a > local admin. Most won't even be able to get to a command prompt. > > -----Original Message----- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Sent: Wednesday, June 20, 2012 1:17 PM > To: NT System Admin Issues > Subject: Re: How many in your company can join systems to domain > > By default yes, unless you turn it off, which, IMHO, is the sane thing to > do... > > On Wed, Jun 20, 2012 at 8:30 AM, Webster <webs...@carlwebster.com> wrote: >> I haven't had to deal with this in a long time but IIRC anyone who is >> in Domain Users can join up to 10 computers to your domain. >> >> http://support.microsoft.com/kb/243327 >> >> >> Carl Webster >> >> Consultant and Citrix Technology Professional >> >> http://www.CarlWebster.com >> >> >> From: David Lum <david....@nwea.org> >> Reply-To: NT Issues <ntsysadmin@lyris.sunbelt-software.com> >> Date: Wednesday, June 20, 2012 8:19 AM >> To: NT Issues <ntsysadmin@lyris.sunbelt-software.com> >> Subject: How many in your company can join systems to domain >> >> Subject line pretty much says it. We have 600 employees and an IT >> staff of 50-ish (including developers) and I swear all 50 can join >> systems to the domain. Certainly 10 of them can and that seems like a lot. >> >> >> >> Brought up because these guys drive me crazy by loosely following >> naming standards, not moving to the appropriate OU, and not putting >> descriptions in AD. >> >> David Lum >> Systems Engineer // >> NWEATM >> Office 503.548.5229//Cell (voice/text) 503.267.9764 >> >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin