Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

domains vs workgroups... 5

Status
Not open for further replies.
elmurado

elmurado

IS-IT--Management
Jul 15, 2003
673
AU
Hi guys, we're upgrading nt4 to win2003.
The powers that be in Information Services are suggesting we have a workgroup rather than go to AD domains for cost effectiveness and simplicity.(ie no BDC req'd).

What are the
1. security implications
2. profile and access implications? Ie can I have same kind of control over a workgroup as I do over a domain in terms of granting rights etc? Or even 'pushing' apps and updates/patches etc?
 
Sort by date Sort by votes
How many computers in the work group are we talking about? I wouldnt recommend it, you will have alot more control over a domain than you would a work group. You would have to create accounts on each and every computer instead of having a centralised location. I would say a domain is more cost effective than a work group is. There will be less to work todo. Also act as a central storage point. But if you only talking about 3/4 computer than maybe yes. You wont beable to pust anything really over a work group or it would take alot of work. I would say go with a domain, but more information on your setup would help, how many server and workstations.

 
Upvote 0 Downvote
I agree. If you are in a business environment and you have more than 4-5 systems to keep track of, you're far better off having a domain. As stated previously, the biggest benefit is centralized control and administration. Without domains you cannot:

Centrally administer user accounts.

Centrally administer network file and printer shares.

Centrally control access policies/restrictions.

Use group policy (which simplifies administering system settings, software installations, etc).

Use Exchange for email.

Even if your company is small, you probably don't intend to stay that way forever. Once you grow a bit you'll find yourself seriously restricted without a Domain/AD structure.

As to your specific questions...

1. If you use a workgroup instead of a domain/AD structure, managing 10 workstations will be much like managing 10 different domains, with limited or no trust between them. This very quickly can become out of control. A domain can be more secure because it is easier to set global security policies (password age, access permissions), as well as the ability to use Group Policies to control SUS and push out security updates.

2. No.

If your company is big enough to have a "powers that be in Information Services", then it sounds like it's big enough that managing workgroups would be a nightmare. And I'd have to seriously question the knowledge and capabilities of an IT manager who thought that they were doing the company a service by saving a couple thousand dollars upfront and spending many times that in manhours of support.
 
Upvote 0 Downvote
We have 30 workstations on the network. Also there are three shared printers/scanners.
All users have access to the net and use the server for file storage.
Clients are mix of win98/Xp.
I want to make sure security is tighter, especially with poeple coming and going so much in the office.
And having control over users would be safer as far as I can tell. I'm tired of having to make sure that all virus updates etc are done when I could be doing it centrally?
Also I'm not sure I can even set passwords to expire without a domain.
Thanks guys.
 
Upvote 0 Downvote
I would use a domain setup then, you will waste so much time in a workgroup setup with that many machines just keeping track of everything.
Also you might want to look at upgrading the 98 machines to XP if you want to tighten security as you can push down polices to the machines. You can push files via AD, for your AntiVirus you might want to look at running an AV server such as Symantec where it downloads the new defs for you to the central server and pushes them out to all the clients.
In a workgroup with that amount of computers it would be impossible to share anything making sure all passwords are in sync with each other.

Also workstation OS can only handle 10 concurrent connection at one time while a server OS in domain can handle unlimited.


 
Upvote 0 Downvote
You have another vote for domains here. Another thought to consider. If you have a domain, you can put together a second server for a backup. That way, when users try and log onto the domain, if one server is down, you can authenticate to a second server. Not to mention using active directory. The plus sides of domains vs. workgroups are unreal. Check out
Active Directory
Faithless and kmcferrin, here's a couple of stars for some great points.

Glen A. Johnson
If you're from Northern Illinois/Southern Wisconsin check out Tek-Tips in Chicago, Illinois Forum.

TTinChicago
 
Upvote 0 Downvote
Thanks to you all...now I feel armed to ask for more with the IS guys(budget wise they are sooo tight)
 
Upvote 0 Downvote
Hello all -- I am new to tech tips. I am interested in learning how to set up a domain and am wondering if anyone can recommend some books/websites/articles to help in this endevor

Thanks much,

David
 
Upvote 0 Downvote
elmurado

I can't believe that IS people are recommending a workgroup for 30 machines! Unbelievable!

Backups, password admin, security, software updates (including security patches), user accounts, polices would all have to be done on a PER MACHINE basis.

[sarcasm]
Are these guys qualified or experienced in networking?
[/sarcasm]

For under £800 you can get a basic spec server with Windows server 2003. Thats the only real cost. Tell them to stop being so tight.

dcgoody

I strongly recommend the official MCP 70 - 215 (I think) book. Really good on all points of setting up a domain and windows domain administration.

Running DCPROMO (start - run) will start the wizard in Win2k and Win2k3 server.

Good Luck,


Steve.
 
Upvote 0 Downvote
Thanks Steve. I think your sarcasm is well founded!
I have no wish to be scrabbling around machine to machine every week...I'm having a conference call with IS (who are at HQ in the States) so will make my strongest case with all the great feedback I got here as well as everything I know.
I think they think we're some kind of hick remote outpost still!
 
Upvote 0 Downvote
Very interesting! good way to convince grass roots management staff is to generate projected figures for additional expenses involved in the timely administration of a workgroup. Think of the man hours involved!

Then their is the complications of security and back-up, this is potentially a disaster, dependant on the importance of this centre the implementation of a under-achieving IT infrastructure could sink the company!

Under funding should not be an issue in this day and age, I was reading an article just last week that was discussing the falling prices in IT equipment, and that this means that IT professionals are able to implement over sized systems and still stay under budget.

Good luck though buddy!
 
Upvote 0 Downvote
I have a windows 2000 server which is currently hosting about 50 computers on the domain and we have another 40 or so on a work group i think the domain is fantastic, one thing im a bit unsure about is that each wondows xp user that logs onto the domain requires a license yes? at the moment im having a problem where we also have Terminal Services/remote connections into the server box for office.. who here can explain in simple terms about cals and licensing for domains? any help would be great
Thanking you in advance.
Amy
 
Upvote 0 Downvote
Assuming that you license per-seat, you need a Client Access License (CAL) for each machine that is connecting to the server. So if you have a Windows 2000 server running with 50 client PCs, each PC will need a CAL in addition to the OS that runs on it. Most large companies will purchase a CAL for a new PC when they buy the PC. Usually when you buy a retail copy of a Windows server, it will come with a specified number of CALs.

If you are running Terminal Services in Application Server mode (instead of Remote Administration mode) then you will also need Terminal Server Client licenses for each system that is connecting to that server for Application Server purposes. I am not sure if a TS client license also includes a regular CAL, or if you have to buy them separately.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tviman
  • Locked
  • Question
Remote Apps vs Remote Desktop Connection
Replies
0
Views
247
tviman
tviman
AlfonsoSF
  • Locked
  • Question
Esplorer (not the internet browser) hangs in a user RDP session ins a W2016 vsphere virtual machine.
Replies
1
Views
317
hairlessupportmonkey
hairlessupportmonkey
Leozack
  • Locked
  • Question
LOGON SPEED : GPO settings vs script reg import etc
Replies
3
Views
455
Leozack
Leozack
cindylee
  • Locked
  • Question
Forefront UAG vs Citrix
Replies
3
Views
250
itsp1965
itsp1965
Encino40
  • Locked
  • Question
Move user between child domains
Replies
1
Views
216
Encino40
Encino40

Part and Inventory Search

Sponsor

Back
Top