-2

My company has provided us laptops. We used to use them normally but suddenly my company has announced they have installed Active directory server. We all have to shift to that server. The requirement is we have to install either Win 8 pro or Win 7 pro.

  1. Can anyone tell me what are the disadvantages of shifting to that server as a user point of view? E.g. I have heard we will no longer be administrators of our machine just limited user etc.

  2. What are the rights that the domain admin enjoys? E.g. I have heard he can access our files remotely or view our screens remotely etc. (I have lots of personal data. I don't want him to snoop)

Please guide.

3.The local IT staff told me that The only problem if I don't shift to that server is that I won't be able to access my company emails. Those emails can still be accessed over my mobile phone(without domain). Then why can't it be accessed from laptop etc

AhmedRana
  • 101
  • 4

1 Answers1

2

The domain controller owns that PC once it joins the domain. Admin has 100% full control of every aspect of that machine. He can launch scripts, install software or any form of remote administration. Yes, admin will have access to your nudey files.

user3766148
  • 298
  • 2
  • 4
  • 11
  • The admin said it will provide me with local admin password. Is there any way to know if domain admin is trying to access my PC? Or So I could install or uninstall programs. So what do you suggest. Should i install another windows on vmware and put that on domain...or is it possible to join a domain if i use linux? – AhmedRana Oct 12 '14 at 07:25
  • I know that if I was admin, I would be ensuring the PC joins the domain. You are correct that you should not have to join the domain just for email, contact your admin for connection url and port. But the domain gives admin a massive toolbox to administrate your machine correctly. If admin wants to access the machine without your knowledge, that's not to difficult to do. Most admin are professionals and don't touch a system without notifying the user first. Yes, you can log a virtual machine into a domain just as easy as a regular hardbox. works the same. – user3766148 Oct 12 '14 at 07:32
  • Is it possible to use a Linux machine to join a domain? – AhmedRana Oct 12 '14 at 07:34
  • Yes, with Samba – user3766148 Oct 12 '14 at 07:34
  • Thanks for your quick replies. What is Samba ? Is it a variant of linux or a software for linux ? – AhmedRana Oct 12 '14 at 07:35
  • Samba is a linux application that joins windows domains 'single user mode' aka Active Directory (the holy grail of Microsoft) http://www.samba.org/ If you like my response, don't be shy about hitting that 'accept' check box next to my answer. :) – user3766148 Oct 12 '14 at 07:37
  • @user3766148, or in modern distributions you can join AD domains without samba using realmd: http://freedesktop.org/software/realmd/ (which can use either adcli or winbind to perform the operations). There is another awesome tool: https://fuhm.net/software/msktutil/ that has no samba dependencies. In Redhat (or derivatives) 6 you cannot use realmd but you can use adcli (see blog post by one RH employee: http://jhrozek.livejournal.com/3581.html). The combination adcli/realmd + sssd is really awesome, no need to install samba nowadays to authenticate against AD anymore. – natxo asenjo Oct 12 '14 at 09:16