Hi all,

Just stumbled upon something here at work that totally threw me for a loop.  I thought we had things on pretty good lockdown here until today.  We have a domain here at work, lets just call it DOMAIN. All computers and users are joined to DOMAIN with specific passwords for each account. 

We have a few laptops here that our salesmen use here and away from the office.  So they also have the option (when away from the office) to still log into the computer (but locally on the machine, not to DOMAIN.) For simplicity, we have them using the same password (hey they are in sales). 

Long story short... sorry.
I had a sales laptop here, plugged it into our network, logged in locally on the machine, not DOMAIN.  I was still however able to access mapped drives on my Domain Controllers via UNC name\share

Isn't this the whole point of having a secured win2k domain? or is it just because of the passwords being the same as they log in locally instead of onto the domain?
Any ideas how I can make them only access the stuff on the domain ONLY when they are logged into the domain? There has to be something else instead of giving them a new local password?

Thanks in advance for help

We had this problem too. It was a while ago and I forget how it was resolved. It had something to do with configuring the rights a different way. I will ask around and see if the guys remember.

I apologize. No one here remembers. And the guy who actually did it doesn't work here any more. I'll see if there's something in the log.