Unknown workgroup in Microsoft Windows Network

[Bill Board]

Recently a new workgroup/domain appeared in our "Network Neighborhood >
Microsoft Windows Network" We are running Windows 2003 Server with
Windows XP Pro workstations in our network.

Two questions:

1. I only found this by chance when I was looking in Network Neighborhood.
Is there a way that I could be alerted if a new workgroup or domain appear?

2. How can we track this back to who or what IP address device attached to
the network?

Thanks,
Bill

 

[Lanwench [MVP - Exchange]]

Bill Board <John.Doe@NoSpam.com> wrote:
> Recently a new workgroup/domain appeared in our "Network Neighborhood
> > Microsoft Windows Network" We are running Windows 2003 Server
> with Windows XP Pro workstations in our network.
>
> Two questions:
>
> 1. I only found this by chance when I was looking in Network
> Neighborhood. Is there a way that I could be alerted if a new
> workgroup or domain appear?
> 2. How can we track this back to who or what IP address device
> attached to the network?
>
> Thanks,
> Bill

Most likely, someone simply connected a hon-domain-member laptop or PC to
the network once, and it's gone now. The workgroup name will eventually go
away & not be visible. If you want to prevent stuff like this from
happpening in the future, you can either invest in a fancy-shmancy Ethernet
switch that won't give unauthorized computers an IP address, or do the cheap
& cheerful (and less effective) thing - disconnect any unused Ethernet jack
from your switch in the server room/closet/whatnot.

 

[Bill Board]

I guessed some did what you mentioned, but I was thinking perhaps there was
a utility that you give a list of "good" workgroups/domains and if it see
others than what's in its good list it send a notice. This way I could be a
little quicker in finding the person/device.

"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
news:eW286$EhIHA.2540@TK2MSFTNGP05.phx.gbl...
> Bill Board <John.Doe@NoSpam.com> wrote:
>> Recently a new workgroup/domain appeared in our "Network Neighborhood
>> > Microsoft Windows Network" We are running Windows 2003 Server
>> with Windows XP Pro workstations in our network.
>>
>> Two questions:
>>
>> 1. I only found this by chance when I was looking in Network
>> Neighborhood. Is there a way that I could be alerted if a new
>> workgroup or domain appear?
>> 2. How can we track this back to who or what IP address device
>> attached to the network?
>>
>> Thanks,
>> Bill
>
> Most likely, someone simply connected a hon-domain-member laptop or PC to
> the network once, and it's gone now. The workgroup name will eventually go
> away & not be visible. If you want to prevent stuff like this from
> happpening in the future, you can either invest in a fancy-shmancy
> Ethernet switch that won't give unauthorized computers an IP address, or
> do the cheap & cheerful (and less effective) thing - disconnect any unused
> Ethernet jack from your switch in the server room/closet/whatnot.
>

 

[Lanwench [MVP - Exchange]]

Bill Board <John.Doe@NoSpam.com> wrote:
> I guessed some did what you mentioned, but I was thinking perhaps
> there was a utility that you give a list of "good" workgroups/domains
> and if it see others than what's in its good list it send a notice. This
> way I could be a little quicker in finding the person/device.

No, not that I know of. You could disable NetBIOS over TCP/IP entirely if
you don't want to see stuff like this. But I'd issue a memo reminding people
not to connect unauthorized computers" and make sure it's part of your
computer use agreement - make employees sign it, even.


>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
> message news:eW286$EhIHA.2540@TK2MSFTNGP05.phx.gbl...
>> Bill Board <John.Doe@NoSpam.com> wrote:
>>> Recently a new workgroup/domain appeared in our "Network
>>> Neighborhood
>>>> Microsoft Windows Network" We are running Windows 2003 Server
>>> with Windows XP Pro workstations in our network.
>>>
>>> Two questions:
>>>
>>> 1. I only found this by chance when I was looking in Network
>>> Neighborhood. Is there a way that I could be alerted if a new
>>> workgroup or domain appear?
>>> 2. How can we track this back to who or what IP address device
>>> attached to the network?
>>>
>>> Thanks,
>>> Bill
>>
>> Most likely, someone simply connected a hon-domain-member laptop or
>> PC to the network once, and it's gone now. The workgroup name will
>> eventually go away & not be visible. If you want to prevent stuff
>> like this from happpening in the future, you can either invest in a
>> fancy-shmancy Ethernet switch that won't give unauthorized computers
>> an IP address, or do the cheap & cheerful (and less effective) thing
>> - disconnect any unused Ethernet jack from your switch in the server
>> room/closet/whatnot.

 

[David H. Lipman]

From: "Bill Board" <John.Doe@NoSpam.com>

| I guessed some did what you mentioned, but I was thinking perhaps there was
| a utility that you give a list of "good" workgroups/domains and if it see
| others than what's in its good list it send a notice. This way I could be a
| little quicker in finding the person/device.
|

There is no such list.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

 

[Steve Halvorson]

Use a program like "Look at Lan" it scans an IP range and alerts you (Star
Trek Alert Sound) whenever it discovers a new IP address. You can save your
network profile and it will only alert when something new is connected.
--
Steve Halvorson



"Bill Board" wrote:

> Recently a new workgroup/domain appeared in our "Network Neighborhood >
> Microsoft Windows Network" We are running Windows 2003 Server with
> Windows XP Pro workstations in our network.
>
> Two questions:
>
> 1. I only found this by chance when I was looking in Network Neighborhood.
> Is there a way that I could be alerted if a new workgroup or domain appear?
>
> 2. How can we track this back to who or what IP address device attached to
> the network?
>
> Thanks,
> Bill
>
>
>
>
>

 

[Dobromir Todorov]

Bill,

There used to be a Browser Monitor tool in the Windows NT 4 Resource Kit,
which I believe you should still be able to download.

The tool will show you all the master and backup browsers on your network,
as well as the computers and domains/workgroups they know of. It does not
necessarily say which are "good" - I guess you will still need to review the
list manually.

--
---
HTH,
Dobromir

Visit http://www.iamechanics.com

"Bill Board" <John.Doe@NoSpam.com> wrote in message
news:ueWdANFhIHA.3916@TK2MSFTNGP02.phx.gbl...
>I guessed some did what you mentioned, but I was thinking perhaps there was
>a utility that you give a list of "good" workgroups/domains and if it see
>others than what's in its good list it send a notice. This way I could be
>a little quicker in finding the person/device.
>
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
> message news:eW286$EhIHA.2540@TK2MSFTNGP05.phx.gbl...
>> Bill Board <John.Doe@NoSpam.com> wrote:
>>> Recently a new workgroup/domain appeared in our "Network Neighborhood
>>> > Microsoft Windows Network" We are running Windows 2003 Server
>>> with Windows XP Pro workstations in our network.
>>>
>>> Two questions:
>>>
>>> 1. I only found this by chance when I was looking in Network
>>> Neighborhood. Is there a way that I could be alerted if a new
>>> workgroup or domain appear?
>>> 2. How can we track this back to who or what IP address device
>>> attached to the network?
>>>
>>> Thanks,
>>> Bill
>>
>> Most likely, someone simply connected a hon-domain-member laptop or PC to
>> the network once, and it's gone now. The workgroup name will eventually
>> go away & not be visible. If you want to prevent stuff like this from
>> happpening in the future, you can either invest in a fancy-shmancy
>> Ethernet switch that won't give unauthorized computers an IP address, or
>> do the cheap & cheerful (and less effective) thing - disconnect any
>> unused Ethernet jack from your switch in the server room/closet/whatnot.
>>
>
>

 

[Anteaus]

A slightly lateral approach, if you turn off the Computer Browser and Server
services on desktops, that will stop users from creating or finding
unauthorised shared resources. It will also improve your security somewhat.

As such it won't stop someone connecting an unauthorised computer, but it
will to some extent mitigate the security risks which that poses.

You can (obviously) only do this if all of your resources are centrally
hosted, it would not be suitable if you (for example) rely on peer-shared
printers.


"Bill Board" wrote:

> Recently a new workgroup/domain appeared in our "Network Neighborhood >
> Microsoft Windows Network" We are running Windows 2003 Server with
> Windows XP Pro workstations in our network.

 

[Lanwench [MVP - Exchange]]

Anteaus <Anteaus@discussions.microsoft.com> wrote:
> A slightly lateral approach, if you turn off the Computer Browser and
> Server services on desktops, that will stop users from creating or
> finding unauthorised shared resources. It will also improve your
> security somewhat.

Hmmm - no....if you want security, you use NTFS permissions to lock things
down. You can also use hidden shares. Browsing is not a security issue - if
you want to see shares on a server, \\server will show them to you. And if
you turn off the Server service you cannot as an admin remotely manage a PC.

I do generally turn off the Computer Browser on workstations - this works if
you use WINS. But that isn't for reasons of security -it's performance &
browser election issues.
>
> As such it won't stop someone connecting an unauthorised computer,
> but it will to some extent mitigate the security risks which that
> poses.

How so?
>
> You can (obviously) only do this if all of your resources are
> centrally hosted, it would not be suitable if you (for example) rely
> on peer-shared printers.

The server service, yes. Computer Browser, no....you can connect to
\\workstation\printer regardless.
>
>
> "Bill Board" wrote:
>
>> Recently a new workgroup/domain appeared in our "Network
>> Neighborhood > Microsoft Windows Network" We are running Windows
>> 2003 Server with Windows XP Pro workstations in our network.