Domain laptop accessing home workgroup -- IMPOSSIBLE

After much online research, I've concluded that my laptop
cannot access my home network, because the laptop is a
member of my domain at work, and my home network is
configured as a workgroup.

The article that finally convinced me to stop looking was
this:

http://www.microsoft.com/hardware/br...ng/10_concept_
switch_workgroups_domains.mspx

My reason for posting is not to seek a solution (since
there is none), but to ask a question: Why isn't this
possible? It simply doesn't make sense to me that a
computer that belongs to a secure network cannot access a
network that is LESS secure.

I just want a succint, rational explanation for this
problem. Any contribution would be appreciated. Thanks.

The article you cite gives the exact steps to do what you say cannot be
done, Ken. I'm guess you're running Windows XP Pro, and not an older
operating system, but if you don't want to follow those steps, there are
some programs out there like Netswitcher which will allow different
profiles. Since your situation apparently is not an issue with Microsoft's
Broadband Networking hardware and software, I'd suggest you take a look
around the public networking newsgroups or sites like
www.practicallynetworked.com .
--
Chris H.
Microsoft Windows MVP/Tablet PC
Tablet Creations - http://nicecreations.us/
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone


"Ken" <(E-Mail Removed)> wrote in message
news:0a1d01c4f059$b7a95520$(E-Mail Removed)...
> After much online research, I've concluded that my laptop
> cannot access my home network, because the laptop is a
> member of my domain at work, and my home network is
> configured as a workgroup.
>
> The article that finally convinced me to stop looking was
> this:
>
> http://www.microsoft.com/hardware/br...ng/10_concept_
> switch_workgroups_domains.mspx
>
> My reason for posting is not to seek a solution (since
> there is none), but to ask a question: Why isn't this
> possible? It simply doesn't make sense to me that a
> computer that belongs to a secure network cannot access a
> network that is LESS secure.
>
> I just want a succint, rational explanation for this
> problem. Any contribution would be appreciated. Thanks.

You're joking, right?

"It simply doesn't make sense to me that a computer that belongs to a secure
network cannot access a network that is LESS secure."

This doesn't make sense in any way, shape or form. The very reason why you
cannot access an "insecure" network with a domain box is for just that..
security. It's to prevent people like you for hooking up a company-owned
laptop to a possible virus-infested (or otherwise insecure) home network.
How would a company feel if someone took their machine home and connected it
to their home network, only to find out that company trade secrets were
stolen because of a misconfigured router or no firewall in place?

Also, every machine connected to a domain has a security ID (called a "SID")
which is a long string of numbers and letters. This is to keep someone from
bringing a laptop in to the office with the same machine name of the bosses'
laptop and getting access to things they shouldn't. By going from a domain
to a workgroup, you destroy your association with the domain. So when you
go back to work on Monday and rejoin the domain, you are going to find that
your domain user account's SID has been replaced on your local machine and
all of your documents and settings will be "lost". Sort of. So you have to
call the IT guys so that they can fix the laptop that you screwed up.
Having fixed this sort of problem more times than I care to admit, let me
say that it gets old. Very old. By locking the laptop down, not only is
your laptop more secure, the company doesn't have to pay IT guys to fix
problems that their employees created by trying to connect their laptops
(that the company owns) to a home network.

In short, by asking such a stupid question then asking for a "succint,
rational explanation" for designed behavior, you are absolutely showing us
that you're missing the point entirely.



"Ken" <(E-Mail Removed)> wrote in message
news:0a1d01c4f059$b7a95520$(E-Mail Removed)...
> After much online research, I've concluded that my laptop
> cannot access my home network, because the laptop is a
> member of my domain at work, and my home network is
> configured as a workgroup.
>
> The article that finally convinced me to stop looking was
> this:
>
> http://www.microsoft.com/hardware/br...ng/10_concept_
> switch_workgroups_domains.mspx
>
> My reason for posting is not to seek a solution (since
> there is none), but to ask a question: Why isn't this
> possible? It simply doesn't make sense to me that a
> computer that belongs to a secure network cannot access a
> network that is LESS secure.
>
> I just want a succint, rational explanation for this
> problem. Any contribution would be appreciated. Thanks.

There also can be safeguards in place, especially if the machine is a
corporate computer which the IT department is protecting from outside
infection by preventing switching between domain and workgroup
configurations.
--
Chris H.
Microsoft Windows MVP/Tablet PC
Tablet Creations - http://nicecreations.us/
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone


"Jim Cofer" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> You're joking, right?
>
> "It simply doesn't make sense to me that a computer that belongs to a
> secure network cannot access a network that is LESS secure."
>
> This doesn't make sense in any way, shape or form. The very reason why
> you cannot access an "insecure" network with a domain box is for just
> that.. security. It's to prevent people like you for hooking up a
> company-owned laptop to a possible virus-infested (or otherwise insecure)
> home network. How would a company feel if someone took their machine home
> and connected it to their home network, only to find out that company
> trade secrets were stolen because of a misconfigured router or no firewall
> in place?
>
> Also, every machine connected to a domain has a security ID (called a
> "SID") which is a long string of numbers and letters. This is to keep
> someone from bringing a laptop in to the office with the same machine name
> of the bosses' laptop and getting access to things they shouldn't. By
> going from a domain to a workgroup, you destroy your association with the
> domain. So when you go back to work on Monday and rejoin the domain, you
> are going to find that your domain user account's SID has been replaced on
> your local machine and all of your documents and settings will be "lost".
> Sort of. So you have to call the IT guys so that they can fix the laptop
> that you screwed up. Having fixed this sort of problem more times than I
> care to admit, let me say that it gets old. Very old. By locking the
> laptop down, not only is your laptop more secure, the company doesn't have
> to pay IT guys to fix problems that their employees created by trying to
> connect their laptops (that the company owns) to a home network.
>
> In short, by asking such a stupid question then asking for a "succint,
> rational explanation" for designed behavior, you are absolutely showing us
> that you're missing the point entirely.
>
>
>
> "Ken" <(E-Mail Removed)> wrote in message
> news:0a1d01c4f059$b7a95520$(E-Mail Removed)...
>> After much online research, I've concluded that my laptop
>> cannot access my home network, because the laptop is a
>> member of my domain at work, and my home network is
>> configured as a workgroup.
>>
>> The article that finally convinced me to stop looking was
>> this:
>>
>> http://www.microsoft.com/hardware/br...ng/10_concept_
>> switch_workgroups_domains.mspx
>>
>> My reason for posting is not to seek a solution (since
>> there is none), but to ask a question: Why isn't this
>> possible? It simply doesn't make sense to me that a
>> computer that belongs to a secure network cannot access a
>> network that is LESS secure.
>>
>> I just want a succint, rational explanation for this
>> problem. Any contribution would be appreciated. Thanks.
>
>

Chris, I thank you for your reasoned response to my petulant whining (written
in the heat of frustration).

"Chris H." wrote:

> There also can be safeguards in place, especially if the machine is a
> corporate computer which the IT department is protecting from outside
> infection by preventing switching between domain and workgroup
> configurations.
> --
> Chris H.
> Microsoft Windows MVP/Tablet PC
> Tablet Creations - http://nicecreations.us/
> Associate Expert
> Expert Zone - www.microsoft.com/windowsxp/expertzone
>
>
> "Jim Cofer" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > You're joking, right?
> >
> > "It simply doesn't make sense to me that a computer that belongs to a
> > secure network cannot access a network that is LESS secure."
> >
> > This doesn't make sense in any way, shape or form. The very reason why
> > you cannot access an "insecure" network with a domain box is for just
> > that.. security. It's to prevent people like you for hooking up a
> > company-owned laptop to a possible virus-infested (or otherwise insecure)
> > home network. How would a company feel if someone took their machine home
> > and connected it to their home network, only to find out that company
> > trade secrets were stolen because of a misconfigured router or no firewall
> > in place?
> >
> > Also, every machine connected to a domain has a security ID (called a
> > "SID") which is a long string of numbers and letters. This is to keep
> > someone from bringing a laptop in to the office with the same machine name
> > of the bosses' laptop and getting access to things they shouldn't. By
> > going from a domain to a workgroup, you destroy your association with the
> > domain. So when you go back to work on Monday and rejoin the domain, you
> > are going to find that your domain user account's SID has been replaced on
> > your local machine and all of your documents and settings will be "lost".
> > Sort of. So you have to call the IT guys so that they can fix the laptop
> > that you screwed up. Having fixed this sort of problem more times than I
> > care to admit, let me say that it gets old. Very old. By locking the
> > laptop down, not only is your laptop more secure, the company doesn't have
> > to pay IT guys to fix problems that their employees created by trying to
> > connect their laptops (that the company owns) to a home network.
> >
> > In short, by asking such a stupid question then asking for a "succint,
> > rational explanation" for designed behavior, you are absolutely showing us
> > that you're missing the point entirely.
> >
> >
> >
> > "Ken" <(E-Mail Removed)> wrote in message
> > news:0a1d01c4f059$b7a95520$(E-Mail Removed)...
> >> After much online research, I've concluded that my laptop
> >> cannot access my home network, because the laptop is a
> >> member of my domain at work, and my home network is
> >> configured as a workgroup.
> >>
> >> The article that finally convinced me to stop looking was
> >> this:
> >>
> >> http://www.microsoft.com/hardware/br...ng/10_concept_
> >> switch_workgroups_domains.mspx
> >>
> >> My reason for posting is not to seek a solution (since
> >> there is none), but to ask a question: Why isn't this
> >> possible? It simply doesn't make sense to me that a
> >> computer that belongs to a secure network cannot access a
> >> network that is LESS secure.
> >>
> >> I just want a succint, rational explanation for this
> >> problem. Any contribution would be appreciated. Thanks.
> >
> >
>
>
>

No problem, Ken. 8-) Happy New Year!
--
Chris H.
Microsoft Windows MVP/Tablet PC
Tablet Creations - http://nicecreations.us/
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone


"Ken" <(E-Mail Removed)> wrote in message
news5B0984A-FE10-4F88-AFB4-(E-Mail Removed)...
> Chris, I thank you for your reasoned response to my petulant whining
> (written
> in the heat of frustration).
>
> "Chris H." wrote:
>
>> There also can be safeguards in place, especially if the machine is a
>> corporate computer which the IT department is protecting from outside
>> infection by preventing switching between domain and workgroup
>> configurations.
>> --
>> Chris H.
>> Microsoft Windows MVP/Tablet PC
>> Tablet Creations - http://nicecreations.us/
>> Associate Expert
>> Expert Zone - www.microsoft.com/windowsxp/expertzone
>>
>>
>> "Jim Cofer" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>> > You're joking, right?
>> >
>> > "It simply doesn't make sense to me that a computer that belongs to a
>> > secure network cannot access a network that is LESS secure."
>> >
>> > This doesn't make sense in any way, shape or form. The very reason why
>> > you cannot access an "insecure" network with a domain box is for just
>> > that.. security. It's to prevent people like you for hooking up a
>> > company-owned laptop to a possible virus-infested (or otherwise
>> > insecure)
>> > home network. How would a company feel if someone took their machine
>> > home
>> > and connected it to their home network, only to find out that company
>> > trade secrets were stolen because of a misconfigured router or no
>> > firewall
>> > in place?
>> >
>> > Also, every machine connected to a domain has a security ID (called a
>> > "SID") which is a long string of numbers and letters. This is to keep
>> > someone from bringing a laptop in to the office with the same machine
>> > name
>> > of the bosses' laptop and getting access to things they shouldn't. By
>> > going from a domain to a workgroup, you destroy your association with
>> > the
>> > domain. So when you go back to work on Monday and rejoin the domain,
>> > you
>> > are going to find that your domain user account's SID has been replaced
>> > on
>> > your local machine and all of your documents and settings will be
>> > "lost".
>> > Sort of. So you have to call the IT guys so that they can fix the
>> > laptop
>> > that you screwed up. Having fixed this sort of problem more times than
>> > I
>> > care to admit, let me say that it gets old. Very old. By locking the
>> > laptop down, not only is your laptop more secure, the company doesn't
>> > have
>> > to pay IT guys to fix problems that their employees created by trying
>> > to
>> > connect their laptops (that the company owns) to a home network.
>> >
>> > In short, by asking such a stupid question then asking for a "succint,
>> > rational explanation" for designed behavior, you are absolutely showing
>> > us
>> > that you're missing the point entirely.
>> >
>> >
>> >
>> > "Ken" <(E-Mail Removed)> wrote in message
>> > news:0a1d01c4f059$b7a95520$(E-Mail Removed)...
>> >> After much online research, I've concluded that my laptop
>> >> cannot access my home network, because the laptop is a
>> >> member of my domain at work, and my home network is
>> >> configured as a workgroup.
>> >>
>> >> The article that finally convinced me to stop looking was
>> >> this:
>> >>
>> >> http://www.microsoft.com/hardware/br...ng/10_concept_
>> >> switch_workgroups_domains.mspx
>> >>
>> >> My reason for posting is not to seek a solution (since
>> >> there is none), but to ask a question: Why isn't this
>> >> possible? It simply doesn't make sense to me that a
>> >> computer that belongs to a secure network cannot access a
>> >> network that is LESS secure.
>> >>
>> >> I just want a succint, rational explanation for this
>> >> problem. Any contribution would be appreciated. Thanks.
>> >
>> >
>>
>>
>>

So then how does the sysytem allow a company computer to
access T-Mobile or the LAN in Copehnhagen's airport?
>-----Original Message-----
>You're joking, right?
>
>"It simply doesn't make sense to me that a computer that
belongs to a secure
>network cannot access a network that is LESS secure."
>
>This doesn't make sense in any way, shape or form. The
very reason why you
>cannot access an "insecure" network with a domain box is
for just that..
>security. It's to prevent people like you for hooking up
a company-owned
>laptop to a possible virus-infested (or otherwise
insecure) home network.
>How would a company feel if someone took their machine
home and connected it
>to their home network, only to find out that company
trade secrets were
>stolen because of a misconfigured router or no firewall
in place?
>
>Also, every machine connected to a domain has a security
ID (called a "SID")
>which is a long string of numbers and letters. This is
to keep someone from
>bringing a laptop in to the office with the same machine
name of the bosses'
>laptop and getting access to things they shouldn't. By
going from a domain
>to a workgroup, you destroy your association with the
domain. So when you
>go back to work on Monday and rejoin the domain, you are
going to find that
>your domain user account's SID has been replaced on your
local machine and
>all of your documents and settings will be "lost". Sort
of. So you have to
>call the IT guys so that they can fix the laptop that you
screwed up.
>Having fixed this sort of problem more times than I care
to admit, let me
>say that it gets old. Very old. By locking the laptop
down, not only is
>your laptop more secure, the company doesn't have to pay
IT guys to fix
>problems that their employees created by trying to
connect their laptops
>(that the company owns) to a home network.
>
>In short, by asking such a stupid question then asking
for a "succint,
>rational explanation" for designed behavior, you are
absolutely showing us
>that you're missing the point entirely.
>
>
>
>"Ken" <(E-Mail Removed)> wrote in
message
>news:0a1d01c4f059$b7a95520$(E-Mail Removed)...
>> After much online research, I've concluded that my
laptop
>> cannot access my home network, because the laptop is a
>> member of my domain at work, and my home network is
>> configured as a workgroup.
>>
>> The article that finally convinced me to stop looking
was
>> this:
>>
>>
http://www.microsoft.com/hardware/br...ng/10_concept_
>> switch_workgroups_domains.mspx
>>
>> My reason for posting is not to seek a solution (since
>> there is none), but to ask a question: Why isn't this
>> possible? It simply doesn't make sense to me that a
>> computer that belongs to a secure network cannot access
a
>> network that is LESS secure.
>>
>> I just want a succint, rational explanation for this
>> problem. Any contribution would be appreciated. Thanks.
>
>
>.
>