[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1036
  • Last Modified:

Downgrading from a domain to a workgroup

i know this sounds silly..but we are downgrading frm a domain to a workgroup ..and i am not sure what the repurcussions will be on shared resources..
i have shared drives with explicit permissions and group level access.
i need to figure out how to have basic share level permissions..when i downgrade without compromising too much security.
just folder sharing with passwords and restricted access.
running windows 2000 professsionals and XP professionals..

any help is much appreciated.
0
casselav
Asked:
casselav
  • 5
  • 4
  • 2
1 Solution
 
micromarchCommented:
I have no idea why you would want to downgrade from a domain to a workgroup since you will be losing allot of security and control benefits but anyway, are your files shared in a domain environment right now? well if they are, once you demote your server from dc to stand alone, there will be no more domain accounts having permissions on theose files and folders, hence, as the person with the administrative account, you can now take ownership/set permissions on each individual file/folder as you please for your requirements. there isnt much to it.
0
 
casselavAuthor Commented:
oh ..our exchange and BES are being outsourced so with 15 workstations and the rest being outbound its a waste to retain the W2k3 ent edn..which is an evaluation by the way..so my plan is to downgrade individual machines..get a file server..and transfer files frm the server and start afresh...cos i am looking at a no server env.
0
 
whermansCommented:
Better is to get that file server and start with a new domain right away, or add an additional DC while your domain is still up and then remove the old DC so you retain all your user, group and share rights.  Do remember that you will be losing alot of functionality too when your Exchange Server is out of your domain.

If you downgrade out of a domain, individual shares will continue to exist, but the domain users who had access rights will be unavailable and you will have to give everyone on each share again access to a new user account.  Take in account too that each user will be individually based on each computer.
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
micromarchCommented:
are you retiring your domain and moving to workgroup or are you making a new domain?
0
 
casselavAuthor Commented:
i am retiring my domain completely..exchange and BES out of the way..my old evaluation server is of no use..and i dont want to have a domain on an evaluation version..so i am retiring it completely..just plain workgroup.
0
 
micromarchCommented:
well then retire your servers theres nothing else to it. you can always take ownership of your files/folders with the local admin account when you retire your servers and reset ntfs permissions to yuor needs. you have an exchange server as well?
0
 
casselavAuthor Commented:
yeah i have an Exchange server and  a Blackberry enterprise server
3 w2k3 ent edn..servers..
1 evaluation version running the file server..the other 2 are..Exchange and BES...have all the FSMO roles..i am gonna relocate them to a third party hosting...so i wanna get rid of the evaluation server..it has no roles configured..just file serving.
so i want my network to be a workgroup..reinstall the server as a member of a workgroup and keep it on my network..thats all..all comps..log in locally..and connect to the internet thru the router..doing the dhcp..my issue is file
permissions in a workgroup environment..
0
 
micromarchCommented:
well what your going to have to do if your going to work in a workgroup environment is make sure all your workstations have the same user names and password so users do not get a logon screen each time they try to access a resource. You can also make some lame account on each workstation and use that if you trust your employees seign everything shared.
0
 
casselavAuthor Commented:
wow....sounds ..like what i had in mind...no password protected resources right..to make it better...i guess...its gone with win98..so i need to rethink my file sharing strategy.
thanks..if u can add anything else..pls do..i will award you the points ..
0
 
micromarchCommented:
thanks glad i could help. What i would do is on your file server create local groups and local users and shove em in the groups who u want to have access to particular files and folders. make sure the users you put on the local file server also reside on the workstations that are part of the workgroup. So you would assign each workstation a local username and password depending whose workstation it is and then assign em the proper permissions on your file server. Make sure that you set passwords to never expire on their local accounts hence, if they change the password well the user will get a loginscreen when trying to access his files/folders or any other resource he has access to. besides that, i dont see much else you can do. If the users were using exchange and you kept their mailbox on their individual workstations pst files well you dont have to do much with that since they will still have their old e-mails and such. might just have to reconfigure where they synchronize to get their e-mails hence the exchange server will be no more.
0
 
whermansCommented:
And do know: it will be an administrator's nightmare!
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 5
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now