Active directory integration issue

Posted on 2006-05-02
Medium Priority
Last Modified: 2010-04-18
Hi folks, I´ve been working a little bit with Active Directory around, but still ... i have one big issue. By default a workgroup member like lets say a new brand server (win2003) is it really more "secure" to integrate it in active directory structure?

The scene is just for 5 computers, with this new file server, (network on its own) I really dont see why should I implement active directory, unless you guys can tell me if I gain more security ....

Question by:enigmateam
  • 2
LVL 16

Accepted Solution

Redwulf__53 earned 500 total points
ID: 16583805
Security all depends on configuration and policy.
In a Workgroup, you'll have to implement security on all nodes in the network individually, and create user accounts on each PC and the server.
AD gives you a central administrative location where you can implement almost all security related settings, providing better auditing, Kerberos authentication, IPSec (if you want) and with Group Policies you dictate exactly how you want things done in the network.
Workgroups are an administrative nightmare.
LVL 97

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 500 total points
ID: 16583812
Of you gain more security in terms of flexibility and manageability.  You can instantly disable a user's account and they can't log on to any system.  You can install WSUS and automatically patch systems.  You can share files with other users and secure them so some users have access and others do not.  Yes, most of this you can do without an active directory server. BUT, with a server - that is setup correctly, you WILL save time and in turn money which might help you make more money as you can spend more time on the business that brings in money.

Can you backup files without a domain and not using a client server based system?  Absolutely.  But in a domain, you can redirect a users my documents folders and desktop to the server and otherwise prevent them from saving anything locally, thus allowing you to backup only one system and not spend time backing up 5 or 6.

You have Volume Shadow copy which can recover changed and deleted files that have been accidentally edited or removed from the server (assuming you enable it properly).

By the way, you do NOT want to buy JUST a server.  You want to buy Windows Small Business Server 2003 - which includes groupware Exchange Server and licenses for Outlook 2003.

A server WILL save you money and provide greater flexibilty and security - IF you set it up right.

Author Comment

ID: 16585459
mmmmm speaking of security, is it easier to breakdown a share shared on a Workgroup by default, or a share located on a Active directoryp  server with default share permissions? does this even affect?

Plus running DNS servers, may cause a security issue? on workgroup servers you dont need to run these services ...
LVL 16

Expert Comment

ID: 16585593
When you mean breakdown, I assume you main get unauthorized access/hack?
Like I said before, you can fully enforce IPSec and Kerberos only in a Domain. That makes it pretty much impossible to sniff passwords and impersonate accounts.
Running DNS itself is not a security risk AS LONG AS IT IS CONFIGURED CORRECTLY and that applies for ALL SERVICES.
Even then, ALL computer systems can be hacked.
For 250 pts I'm not going to give a course in Security; you should hire an expert to set that up for you. As far as I'm concerned, your question has been correctly answered by me and Leew.

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Loops Section Overview

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question