Active directory integration issue

Posted on 2006-05-02
Last Modified: 2010-04-18
Hi folks, I´ve been working a little bit with Active Directory around, but still ... i have one big issue. By default a workgroup member like lets say a new brand server (win2003) is it really more "secure" to integrate it in active directory structure?

The scene is just for 5 computers, with this new file server, (network on its own) I really dont see why should I implement active directory, unless you guys can tell me if I gain more security ....

Question by:enigmateam
    LVL 16

    Accepted Solution

    Security all depends on configuration and policy.
    In a Workgroup, you'll have to implement security on all nodes in the network individually, and create user accounts on each PC and the server.
    AD gives you a central administrative location where you can implement almost all security related settings, providing better auditing, Kerberos authentication, IPSec (if you want) and with Group Policies you dictate exactly how you want things done in the network.
    Workgroups are an administrative nightmare.
    LVL 95

    Assisted Solution

    by:Lee W, MVP
    Of you gain more security in terms of flexibility and manageability.  You can instantly disable a user's account and they can't log on to any system.  You can install WSUS and automatically patch systems.  You can share files with other users and secure them so some users have access and others do not.  Yes, most of this you can do without an active directory server. BUT, with a server - that is setup correctly, you WILL save time and in turn money which might help you make more money as you can spend more time on the business that brings in money.

    Can you backup files without a domain and not using a client server based system?  Absolutely.  But in a domain, you can redirect a users my documents folders and desktop to the server and otherwise prevent them from saving anything locally, thus allowing you to backup only one system and not spend time backing up 5 or 6.

    You have Volume Shadow copy which can recover changed and deleted files that have been accidentally edited or removed from the server (assuming you enable it properly).

    By the way, you do NOT want to buy JUST a server.  You want to buy Windows Small Business Server 2003 - which includes groupware Exchange Server and licenses for Outlook 2003.

    A server WILL save you money and provide greater flexibilty and security - IF you set it up right.

    Author Comment

    mmmmm speaking of security, is it easier to breakdown a share shared on a Workgroup by default, or a share located on a Active directoryp  server with default share permissions? does this even affect?

    Plus running DNS servers, may cause a security issue? on workgroup servers you dont need to run these services ...
    LVL 16

    Expert Comment

    When you mean breakdown, I assume you main get unauthorized access/hack?
    Like I said before, you can fully enforce IPSec and Kerberos only in a Domain. That makes it pretty much impossible to sniff passwords and impersonate accounts.
    Running DNS itself is not a security risk AS LONG AS IT IS CONFIGURED CORRECTLY and that applies for ALL SERVICES.
    Even then, ALL computer systems can be hacked.
    For 250 pts I'm not going to give a course in Security; you should hire an expert to set that up for you. As far as I'm concerned, your question has been correctly answered by me and Leew.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
    Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now