Question: We're a small, non-profit firm with a single domain and we are concerned about our Windows network security and network access management. Our accounting department has its server on a network in that office (no access to the live network). They want me to move their server down to the server room and put it on the network. How can I add this server to the network but only allow network access to the accounting department?
- Question posed by a SearchWindowsSecurity.com reader.
Jonathan Hassell's answer: Assuming that the server on this "mini-network" in your accounting office isn't connected to a domain, and it has user accounts configured for your accounting employees, simply moving the server from one room to another and connecting it to a different network won't change its access restrictions. Anyone connecting to the machine -- again, assuming there are accounts configured on the machine and it wasn't secured solely by the fact it was in its own network -- will be prompted for credentials.
If not, just add some user accounts for only the people who need to access the server and remove anonymous access. You don't mention which operating system this server is running on or what services this server has provisioned (is it only a file server? Or is there server software for a particular accounting program?), so I can't give specific advice, but this general suggestion should pave the way.
About the author: Jonathan Hassell is an author, consultant and speaker residing in Charlotte, N.C. Jonathan's books include RADIUS and Learning Windows Server 2003 for O'Reilly Media and Hardening Windows for Apress. His work is seen regularly in popular periodicals such as Windows IT Pro magazine, PC Pro and Microsoft's TechNet Magazine, as well as the website SecurityFocus. He speaks around the world on topics including networking, security and Windows administration. He can be reached at firstname.lastname@example.org.
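One way to check the two conditions the answer relies on (only intended accounts exist, and anonymous access is off) before the server is connected to the shared network. This is an added example, not part of the original answer; it assumes a standalone file server running Windows Server 2016 or later with PowerShell 5.1, run from an elevated prompt, and the account names in `$allowedUsers` are hypothetical placeholders.

```powershell
# Added example: audit a standalone Windows file server for unexpected local
# accounts and for anonymous or overly broad access.
# Assumption: Windows Server 2016+ (PowerShell 5.1), elevated session.

# Hypothetical allow-list: replace with the accounting staff's local accounts.
$allowedUsers = @('Administrator', 'acct-alice', 'acct-bob')

# 1. Enabled local accounts that are not on the allow-list.
#    An enabled Guest account shows up here as well.
$unexpected = Get-LocalUser |
    Where-Object { $_.Enabled -and ($allowedUsers -notcontains $_.Name) }

# 2. Share permissions that allow broad or anonymous principals.
#    AccountName may be qualified (e.g. 'BUILTIN\Guests'), so compare the last part.
$broadPrincipals = @('Everyone', 'ANONYMOUS LOGON', 'Guest', 'Guests')
$openShares = Get-SmbShare -Special $false | Get-SmbShareAccess |
    Where-Object {
        ([string]$_.AccessControlType -eq 'Allow') -and
        ($broadPrincipals -contains ($_.AccountName -split '\\')[-1])
    }

# 3. Registry settings that govern anonymous (null session) access.
#    A blank value means the entry is not set and the OS default applies.
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$anonSettings = [pscustomobject]@{
    RestrictAnonymousSAM      = $lsa.RestrictAnonymousSAM       # 1 = no anonymous SAM account enumeration
    RestrictAnonymous         = $lsa.RestrictAnonymous          # 1 = no anonymous account/share enumeration
    EveryoneIncludesAnonymous = $lsa.EveryoneIncludesAnonymous  # 0 = Everyone excludes anonymous users
    RestrictNullSessAccess    = $srv.RestrictNullSessAccess     # 1 = null sessions limited to listed shares
    NullSessionShares         = ($srv.NullSessionShares -join ',')  # should be empty
}

# Report findings; empty first two sections mean nothing unexpected was found.
'--- Enabled local accounts not on the allow-list ---'
$unexpected | Select-Object Name, Enabled, LastLogon | Format-Table -AutoSize
'--- Share permissions open to broad or anonymous principals ---'
$openShares | Select-Object Name, AccountName, AccessRight | Format-Table -AutoSize
'--- Anonymous access settings ---'
$anonSettings | Format-List
```

The script only reads configuration. NTFS permissions on the shared folders are a separate layer and need their own review.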