Active Directory Domain or Local Workgroup: security the network and the best way to handle sensitive data and file sharing.
Posted on 2003-03-12
My question is based on security, the network and the best way to handle sensitive data and file sharing. Should a domain or workgroup be used on these systems?
Our organization has migrated to the windows active directory as an OU. We are still in mixed mode with 2000, nt4 systems however.
These systems collect and run data for analysis. Access to the data on these systems are thru a local share folder on them. This in turn allows the user to access the data on their client-side systems.
Lately, there are concerns on whether the systems that collect data should be joined to the domain or left in a workgroup setting. If joined to the domain a single-sign would be used, if left on the workgroup a seperate set of user and password access would be used. Since we are an OU and thus some control is restricted it is a problem.
If joined to the domain, what are the security risks? if left as a workgroup is this better, from a security hacking perspective. Thus if the active directory where hacked.
I need someway to justify one way or the other to the other network admins. what our options are and the best way to do this. Develope a best practices.
Constructive advice is appreciated,