Using Your Laptop At Work and At Home
Last Updated: 29 Jan 2003
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*** PLEASE NOTE: Link(s), If Provided, May Be Wrapped ***
There are times when you want to connect a laptop running
Windows NT/2000 to a workgroup or a separate, non-trusted
domain, without removing it from membership in its normal
domain.
Examples:
• You use a laptop as your primary computing system at
work and you also have a network at home. Whenever you
bring the laptop home, you would like to be able to
use it to access home resources, without having to
remove yourself from your Work Domain.
• You need to connect to two or more different domains
which do not maintain trusts between them.
• Your friend/family comes over with a laptop and you
want to be able to easily share files or printers
without altering their domain membership.
Here's how you handle this issue:
HOME NETWORK
1. On your home network, setup an Acct/Pwd combination
which matches the Acct/Pwd being used on the laptop.
2. Provide this account with all of the appropriate or
desired rights on each of your home systems, if
running a peer-to-peer network. If you have a domain,
you only need to do this on the domain controller
and add the account to the appropriate groups.
3. Logon to the laptop as normal (in Win2K this should
result in a cached logon with no information). You
will be seamlessly authenticated when you connect to
your other home systems.
4. You may need to authenticate with HomeDomain\User if
you have a domain at home and you attempt to manage
the domain, but in a peer-to-peer environment, you
should have full access to all your home resources.
MULTIPLE CORPORATE NETWORKS
1. On each of the domains where the user would need to
access resources, create an Acct/Pwd combination
which matches the Acct/Pwd being used on the laptop.
2. Provide this account with all of the appropriate or
desired rights on each machine or domain in question
and add the account to the appropriate groups.
3. Logon to the laptop as normal (in Win2K this should
result in a cached logon with no information). You
will be seamlessly authenticated when you connect to
the resources in each domain.
4. You may need to explicitly authenticate within the
current work domain (as CurrentDomain\User) if you
attempt to perform certain functions such as domain
management or connection to Microsoft Exchange, but
for the most part your access to this remote domain
should be seamless...
WHITEPAPERS & TECH DOCUMENTS
• http://www.jsiinc.com/subb/tip0500/rh0552.htm
• http://www.jsiinc.com/sube/tip2200/rh2240.htm
PERSONAL NOTES
• Hardware profiles will not cut the mustard in this
scenario unless you use more than one NIC. The
problem is that a hardware profile only controls
whether or not a NIC is enabled. If you only have
a single NIC, any network settings you change will
affect all profiles that have a NIC enabled.
• If you remove yourself from the domain, you will
require domain admin level rights to rejoin the
domain at a later point.
• Any additional administrative rights which are
needed can be obtained by opening a console window
in the context of the desired user, using RUNAS.