Is Active Directory required for a small network of <10 computers

I have a small network of <10 computers which I'd like to manage having Windows XP Professional. The following things would be required

 1. Windows Update on all the machines from single location - through WSUS
 2. Anti Virus Updates on all the machines from a single location - Norton
 3. Sharing privileges on certain directories which the desktop user should not be able to modify
 4. Automatic Application Deployment - Good to have

I wanted to ask,
 a) Is there any advantage in having an Active Directory setup here (small network)
 b) Can WSUS run on a Non Server Windows OS?
 c) I have not been able to define privileges in a WinXP desktop the way I've seen being defined through Group Policy. For example, I've shared a directory and a user has Desktop Level Privileges, but the user can remove the share since he has write access on it. I want to prevent that.
 d) Automatic application deployment is something which is good to have, but if I can save some money by doing installation manually, I'm fine.

Thank you
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You can use your network without active directory for these number of computers. The disadvantages will be:
a) WSUS needs windows server
b) insted of group policy you have local policy and you have to set this on every computer.
c) there is no software deployment.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
technotabletAuthor Commented:
Am I correct in assuming that through WSUS all the client machines can be updated and the packages to be updated would be downloaded once on the server only and through the server disseminated to the clients? Is there any other way of doing it except WSUS?
You can use a caching proxy such as Squid.  This won't run the updates for you, but once an update is downloaded it is "held" on the proxy so any future requests for the download are pulled from the proxy rather than the www.

The downside is you don't get to approve the downloads first and you can't see what SP's have been applied to which machines....
It's such a small environment that you can get away with having everything set up in a workgroup.  AD really starts to become necessary when managing multiple servers and a large number of users.  

However, a lot of software assumes that you're in a AD environment and you would have to tweak a lot of those programs to work in a workgroup environment.  

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.