To AD or not on windows 2003 server

  • Thread starter Thread starter marsha
  • Start date Start date
M

marsha

Those who have followed my other posts know that we are using
a simple peer-to-peer setup right now with a single folder on one
computer that is the data source that a special program keeps track
of. The users add to and change the data in that folder. Naturally,
they have to be able to access the folder.

There are now 6 users. We have purchased a new computer to be
the server and Windows 2003 Server (or will when the boss returns
from vacation).

The question is should we go to a Domain situation with Active Directory.
All the users have the same privileges. The can read, write, change data
in that folder. They shouldn't mess with anything else on the server.
Considering
the simplicity of our needs, should I set up an Active Directory which I
gather
implies setting up Domains. We do have two xp home machines but I don't
mind changing them out to either w2k or xp pro in order for them to work as
part of the domain.

Thanks for your input!
 
Hi marsha,

I would say there's no need to go to an AD for those needs. You might
consider upgrading to pro desktops so you can better manage the permissions
(rather than having the guest account enabled), but really you can control
access to everything with NTFS permissions - at least on a global scale -
even with the guest account enabled. Remember with Win2K the default share
permission was "everyone-full control", in anticipation that access would be
controlled at the file system level and thatNTFS was a better place to
control access anyway. I would have no problems going to an AD for six
computers/users, it does centralize everything and allows users to change
passwords and such without locking themselves out of other network
resources. From a consultant/provider perspective, this I would most
certainly so a domain because it makes MY job so much easier. It allows me
as the administrator to monitor activities (audit) as well as force things
like password changes and enforce policies like who has access to network
settings, control panel, many others and simple things like reset a password
if it's forgotten or maliciously changed. It really all depends on where you
want to take it. But if you've got it working the way you want it now, I'd
be tempted not to "fix it".

....kurt
 
Kurt said:
Hi marsha,

I would say there's no need to go to an AD for those needs. You might
consider upgrading to pro desktops so you can better manage the permissions
(rather than having the guest account enabled), but really you can control
access to everything with NTFS permissions - at least on a global scale -
even with the guest account enabled. Remember with Win2K the default share
permission was "everyone-full control", in anticipation that access would be
controlled at the file system level and thatNTFS was a better place to
control access anyway. I would have no problems going to an AD for six
computers/users, it does centralize everything and allows users to change
passwords and such without locking themselves out of other network
resources. From a consultant/provider perspective, this I would most
certainly so a domain because it makes MY job so much easier. It allows me
as the administrator to monitor activities (audit) as well as force things
like password changes and enforce policies like who has access to network
settings, control panel, many others and simple things like reset a password
if it's forgotten or maliciously changed. It really all depends on where you
want to take it. But if you've got it working the way you want it now, I'd
be tempted not to "fix it".

Kurt, you are such a brain. lol You make everything sound so easy. If I
got
up the nerve to install AD, would you help me via this ng? :-) I feel
sure I wouldn't
try it without knowing you were there to turn to. And Merry Christmas
Kurt!!!!
 
I have been on a crash course studying the server software and have
decided I will stay with the current setup and NOT got to AD.
 
I would highly recommend using Active Directory. Active Directory keeps
your network secure, without it anyone could connect to your host computer
and tamper with/steal your files. There is no downside to using Active
Directory. With AD you can monitor network activities using event viewer
such as someone trying to login using a false username/password. A client
server setup is more secure than a peer-to-peer.
 
Jack Anderson said:
I would highly recommend using Active Directory. Active Directory keeps
your network secure, without it anyone could connect to your host computer
and tamper with/steal your files. There is no downside to using Active
Directory. With AD you can monitor network activities using event viewer
such as someone trying to login using a false username/password. A client
server setup is more secure than a peer-to-peer.

Thanks Jack. That is very persuasive. Okay, back to the books. :-)
 
Back
Top