In my previous column, I talked about some computers on my company’s network that weren’t getting patched because they weren’t getting rebooted. The good news is that I was able to negotiate an agreement with the business unit managers to reboot those computers once a month, on Sundays. The bad news is that I found some more computers that haven’t been getting patched. And they aren’t running antivirus software either.

Our (Microsoft Windows) computer inventory tools, patching products and security software all rely on one thing: Active Directory. It’s the source of all the information we have about computers on our network, and it controls the security settings on those computers. We have software that installs patches on our computers, and it uses Active Directory to do what it does. Our antivirus product also relies on Active Directory to automatically install and update on our Windows computers. Active Directory is essentially our de facto inventory of Windows PCs. So what happens when we have a computer that’s not on our Active Directory domain? I found out last week.

As it turns out, we do have a few computers that are not joined to our Active Directory domain. This means that they are unmanaged and effectively invisible to our patching and antivirus tools. We discovered them from our vulnerability scans on all our network segments. These PCs were not in our inventory. That’s because one of the business units brought in a third-party vendor a few months ago, which installed them on our network without any of our technical staff being involved. It’s some kind of financial news service, and the PCs are there to show headlines and stock prices. The vendor just plugged them in and walked away.

So nobody except the business unit employees knew about these new computers until now, when they started showing up on our vulnerability reports. In their first month of service on our network, they were up to date on patches, so our vulnerability scans ignored them. In their second month, they started appearing on the vulnerability report, but with relatively low quantities of vulnerabilities. In the third month, they made it to the top 10. When I asked what these computers were, nobody knew. We tracked them down by tracing the network cables using their IP addresses, and that’s when we found out they are not on our domain.

I called the vendor and asked how its customers are expected to keep these PCs up to date. I was told that most of their customers actually do join the computers to the domain and install their own antivirus products. It just didn’t happen in our case because nobody from IT was involved, and the business unit employees have no idea about these things. So this was a fairly unusual situation.

We ended up joining the computers to our domain, updating their patches and setting them up with antivirus. We were fortunate that they didn’t contract malware while they were unprotected. But this incident has led me to believe that we should be scanning our entire network for unmanaged devices. That could take a really long time, given the large number of IP addresses in our network range. We’ll have to set up a special system that only does network scanning and let it run until it finishes — probably a few months to scan every IP address. Then we can compare what’s on the network with what’s in Active Directory to make sure there aren’t any more rogue computers lurking in the shadows.

This week's journal is written by a real security manager, "J.F. Rice," whose name and employer have been disguised for obvious reasons. Contact him at email@example.com.
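The reconciliation the column ends on, comparing what a network scan finds against what Active Directory knows about, is simple enough to script. The following is an added example written for this page, not the author's or his employer's tooling. It assumes two inputs you would produce yourself: greppable output from an nmap ping sweep (`nmap -sn -oG`) and a CSV export of AD computer objects such as `Get-ADComputer -Filter * -Properties IPv4Address,LastLogonDate | Export-Csv` would produce. Both data sets below are constructed, as are the hostnames, addresses and the reference date; the AD column names match the real Get-ADComputer property names. The script goes slightly beyond the column's one-way check: besides live hosts that AD has never heard of, it also reports AD objects that have not logged on for a long time and were not seen on the wire, because stale objects inflate the "managed" count and hide the same gap from the other side.

```python
"""Reconcile a network scan against an Active Directory computer export.

Added example, not from the column. Assumed inputs (both constructed here):
  * greppable nmap ping-sweep output:  nmap -sn -oG scan.gnmap <range>
  * CSV of AD computer objects with columns Name,DNSHostName,IPv4Address,LastLogonDate
"""
import csv
import io
import re
from datetime import datetime, timedelta

# Constructed sample scan: two hosts resolve to AD names, two have no reverse DNS
# entry at all (typical of a vendor box plugged in without IT), one is down.
SCAN_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sn -oG - 10.20.30.0/28
Host: 10.20.30.2 (dc01.corp.example)\tStatus: Up
Host: 10.20.30.17 (ws-finance-07.corp.example)\tStatus: Up
Host: 10.20.30.44 ()\tStatus: Up
Host: 10.20.30.45 ()\tStatus: Up
Host: 10.20.30.9 (old-print.corp.example)\tStatus: Down
# Nmap done -- 16 IP addresses (4 hosts up) scanned
"""

# Constructed sample AD export (Get-ADComputer ... | Export-Csv shape).
AD_CSV = """\
Name,DNSHostName,IPv4Address,LastLogonDate
DC01,dc01.corp.example,10.20.30.2,2024-05-01 08:00:00
WS-FINANCE-07,ws-finance-07.corp.example,10.20.30.17,2024-04-30 17:12:00
OLD-PRINT,old-print.corp.example,10.20.30.9,2023-11-02 09:00:00
"""

# Constructed "today" so the stale-object check is deterministic.
REFERENCE_NOW = datetime(2024, 5, 2)

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Status:\s+(\w+)")


def parse_gnmap(text):
    """Parse nmap -oG 'Host:' lines; comment lines ('#') are ignored.
    An empty parenthesis means no reverse DNS name, recorded as None."""
    hosts = []
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, name, status = m.groups()
        hosts.append({"ip": ip, "hostname": name.lower() or None, "up": status == "Up"})
    return hosts


def parse_ad_csv(text):
    """Parse the AD export; names are normalised for case-insensitive matching."""
    computers = []
    for row in csv.DictReader(io.StringIO(text)):
        logon = row["LastLogonDate"]
        computers.append({
            "name": row["Name"].upper(),
            "dns": row["DNSHostName"].lower() or None,
            "ip": row["IPv4Address"] or None,
            "last_logon": datetime.strptime(logon, "%Y-%m-%d %H:%M:%S") if logon else None,
        })
    return computers


def reconcile(scan_hosts, ad_computers, now, stale_after_days=90):
    """Return live hosts absent from AD, and AD objects neither seen nor recently logged on.
    DNS name is tried before IP because DHCP leases move but names usually do not."""
    by_dns = {c["dns"]: c for c in ad_computers if c["dns"]}
    by_ip = {c["ip"]: c for c in ad_computers if c["ip"]}
    unmanaged, seen = [], set()
    for h in scan_hosts:
        if not h["up"]:
            continue
        match = by_dns.get(h["hostname"]) or by_ip.get(h["ip"])
        if match:
            seen.add(match["name"])
        else:
            unmanaged.append(h)
    cutoff = now - timedelta(days=stale_after_days)
    stale = [c for c in ad_computers
             if c["name"] not in seen and (c["last_logon"] is None or c["last_logon"] < cutoff)]
    return {"unmanaged": unmanaged, "stale_in_ad": stale}


def example_report(now=REFERENCE_NOW):
    """Run the reconciliation over the constructed samples."""
    return reconcile(parse_gnmap(SCAN_GNMAP), parse_ad_csv(AD_CSV), now)


if __name__ == "__main__":
    report = example_report()
    for h in report["unmanaged"]:
        print(f"UNMANAGED  {h['ip']:<15} {h['hostname'] or '(no reverse DNS)'}")
    for c in report["stale_in_ad"]:
        print(f"STALE-AD   {c['name']:<15} last logon {c['last_logon']}")
```

Run against the samples it flags 10.20.30.44 and 10.20.30.45 as live hosts that Active Directory does not know about, and OLD-PRINT as an AD object that neither answered the sweep nor logged on inside the 90-day window. A ping sweep alone will miss hosts that drop ICMP, so in practice the scan side should be whatever host list the vulnerability scanner already builds; the comparison logic does not change.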