Anteaus said:
I would be inclined to use fixed IPs for desktops,
But why? It's not going to give you any real security benefit (beyond a
minor verisimilitude) and and is an administrative nightmare.
but DHCP (with a
separate scope in the same network range) for laptops. This is
generally better as it allows the laptop to be used on other sites as
well as at home. If you make all computers DHCP-dependent then you
really need a backup DHCP server, otherwise it becomes a SPOF.
Sure, two DHCP servers with non-overlapping scopes is easy to set
up....although in a small office with a single server, the loss of DHCP
would be the least of your worries, I'd think. If you've got a well-built
and managed single server built on good hardware, this is rarely a concern.
The other issue of course is that domain-member laptops cannot fully
take part in a workgroup, or another domain for that matter. There
are no easy workarounds for that, though I generally don't make
laptops domain-members for this reason.
I think that is a bad idea. If you have company-owned and managed laptops,
they should be part of the domain, participate in the security policies and
so forth. There's nothing stopping a user with a domain-member laptop from
connecting to resources on any other network (whether a domain or a
workgroup).
The only time I don't join computers to the domain is if they'll never
actually be connected directly to the company network and are for use on
remote networks only.
