Solved

Small business Windows 2008 Server without domain

Posted on 2009-07-10
19
262 Views
Last Modified: 2013-11-21
I am setting up from scratch a small home office for a new business with about 4 users.  Normally I would bypass the relatively expensive Windows Server component except for the fact that the users want remote access and Terminal Services is the best option.  With all that being said Can I just setup a stand alone Windows 2008 Server without configuring Active Directory, a domain , dns DHCP etc since some of that functionality will be provided by the linksys router and all I really need is a bunch of users with passwords to that they can be authenticated for Terminal Services Access.  I also want to skip the domain setup bacsuse all of their existing computers are XP Home or Vista Basic
0
Comment
Question by:Bekster
  • 6
  • 5
  • 5
  • +2
19 Comments
 
LVL 30

Expert Comment

by:renazonse
Comment Utility
Small Business Server requires Active Directory to be installed. Else, it will continually shut itself down. You'll need to get a Standard copy of Windows Server 2008 to do that.

0
 

Author Comment

by:Bekster
Comment Utility
Yes I dont plan on using small business server, its just for a small business :)

WIndows 2008 Standard it is.  
0
 
LVL 3

Expert Comment

by:mojopojo
Comment Utility
Even with a work force of - 4 Small Business Server 2008 is a pefect structure to build your organization around. SBS 2003 may even suffice.

If you move to a full server version you lose e-mail, SharePoint (Invaluable) and Remote Work Place.

You will end up neding a full time IT guy to administrate your account if you install a full version of Server 2003/2008.

Just a thought.
0
 

Author Comment

by:Bekster
Comment Utility
I did consider SBS, but ended up deciding on a hosted exchange solution for email because, as you stated, there wont be a local IT guy, and the only services they require are terminal services for remote access as well as Centralized files.  The hosted exchange is nice because its inexpensive, $6/mo per user and they get exchange + outlook web access or Outlook over http without having to worry about a local exchange server.

I basicially wanted to know if I can setup Windows 2008 server without domain/AD and all that added complexity.  
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility
A Windows Server 2008 server *can* act as a stand-alone server in a workgroup, if that is all you wish. Simply install the server, and it will be in a workgroup by default. The part you omit is running dcpromo to promote it as a Domain Controller, meaning it always remains as a workgroup-based server.

As the company grows, you can always promote the server as a DC if that is necessary at a later date.

-Matt
0
 
LVL 3

Expert Comment

by:mojopojo
Comment Utility
If you only have 4 users why would you want to front the expense of a MS Server OS like Server 2003, or Server 2008 unless you plan to use AD? That is why the Server OS exists.

If you plan to only have 4 or 5 users, use hosted Exchange, and no centrally administrated file shares and security (that is what AD does at its core level - security) that why not just create a workgroup and use one of the XP/Vista boxes as a file server.

It will save you about $2000 in software, $1000 in hardware and you will not have to admin a server OS.

It is within the EULA rights of Win XP and Vista to have 5 concurrent connections for the purposes of file sharing. So why bother with Server software if you are not going to use it.

I wouldn't.

And I am a Microsoft Engineer.

BUT I would STRONGLY URGE anone who cares about security or a corporate environment to move to a SECURE Active Directory environment where you can administrate, monitor and secure all of your company data.
0
 

Author Comment

by:Bekster
Comment Utility
I am only using Windows 2008 Server for Terminal Services.  They will be on the road primarily and want to keep all their documents centrally located on the file server.

0
 
LVL 3

Accepted Solution

by:
mojopojo earned 250 total points
Comment Utility
You should still be using AD then.

If you set up a Server 2008 box as a Term Server and File Server (or you have the file server on another box) you still should be using AD to Authenticate.

You would have them go to: remote.yourdomain.com
And then log in.

That uses AD!

0
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 250 total points
Comment Utility

I too would recommend deploying an Active Directory environment, but the Author has valid reasons not to do so.

The requirement for Terminal Services is such that a SERVER-GRADE Operating System is required. A Vista/XP box acting as a file server would probably not be sufficient and access to it would be slow; not to mention the fact it does not support multiple remote sessions. A Server 2008 box does, with the correct CALs installed.

-Matt
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 

Author Comment

by:Bekster
Comment Utility
Yes Matt I would agree.  And since the number of users is low I was simply going to add the users to the server and im done.  

When the users are on the Lan as long as their passwords and accounts match they will have access to the resources on the server.
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility
>> When the users are on the Lan as long as their passwords and accounts match they will have access to the resources on the server.

That is correct. Pass-through authentication will work provided the username and passwords match between workstations and the server.

I know, Active Directory means this is not necessary - but you have valid reasons not to deploy AD which cannot be ignored. The fact there will only be 4 users and may not be permanent on-site technical knowledge with AD is a good reason to consider not deploying it.

-Matt
0
 
LVL 3

Expert Comment

by:mojopojo
Comment Utility
All MS Server OS come with 5 CALs.

Al XP/Vista OS allow 5 concurrent conections by EULA.

Speed of those connections relies more on the equipment NIC and CAT that the OS. 5 remote users are not going to flood the bandwith of his connection.

But thanks for the validation. I would always use AD for a network with more than 3 peoplle iff I cared about the data.
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility
Could you clarify your reasons behind the 'B' grade? Only I feel I answered your question as directly as I could...
0
 

Author Comment

by:Bekster
Comment Utility
Mojo is dragging you down matt :) It was a B overall
0
 
LVL 3

Expert Comment

by:mojopojo
Comment Utility
Yes. Sorry you could not glean the answer you would have liked but we can only give you advice based on best-practice and the scope of your issue. We only provide solutions.

Thanks for participating and we hope that your fare well,

-MP
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility
mojopojo,

>> All MS Server OS come with 5 CALs. Al XP/Vista OS allow 5 concurrent conections by EULA.

XP/Vista do *not* permit more than one concurrent remote Terminal Services session to be made to it. You need a SERVER operating system to allow for more than 1 concurrent remote session, and Terminal Server CALs for any more than 2 remote sessions. The author stated they wish to access the server via Terminal Services.

>> Speed of those connections relies more on the equipment NIC and CAT that the OS. 5 remote users are not going to flood the bandwith of his connection.

Yup, agreed with that. However, the user stated his users will be accessing the data and resources hosted on this file server *remotely*. As someone who has worked in environments where bandwidth and connection speed is at a premium, I would much prefer to terminal services to a system which is local to the data and open the document, rather than wait for some 10MB spreadsheet to download over a VPN running on a slow DSL line. The amount of data required to simply upload screen changes from the remote terminal server is vastly less than the data required to actually upload the document the user wishes to edit.

>> I would always use AD for a network with more than 3 peoplle iff I cared about the data.

Data Security can be achieved without Active Directory in small environments just as well as it can be achieved with Active Directory. The first component of data security is the server HARDWARE. The server should be installed on server-grade hardware with the data stored on a suitably REDUNDANT RAID ARRAY. This is the first line in data security - a disk failure is not going to cause data loss. In my opinion, all servers should be covered under a 27*7*4 or next-day business warranty if a component fails, and when they reach the end of this warranty, they should be replaced or the warranty renewed to ensure you always have vendor support if ever required.

Moving on to the software layer, the second important aspect is BACKUP. Backups can be made to tape or to external removable hard disk and should be verified regularly to ensure consistency and that recovery from the backup is possible.

Active Directory helps in enterprise environments to provide granularity in access control for files based on advanced and complex group membership hierachies. However, in very small environments, such as the Author's, where a server is required only for one or two very specific roles, Active Directory often makes no sense. This is particularly so in companies who may not have on-site knowledge to handle an enterprise-class Active Directory domain.

I always deploy Active Directory, even for my smallest clients, but this is because I am only a phone call away from resolving issues. I prefer to have more control and management than rely on local users and groups. However, when this immediate support may not be available, it makes sense to keep things as simple as possible.

-Matt
0
 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
From my perspective, it is never improper to provide a reasoning for why a setup is inappropriate or most likely a poor choice.

I agree with Tiger Matt in almost every item stated in his last post.

From my perspective, no business should ever be setup in a workgroup, ESPECIALLY when a server exists. Why?  The supposed complexity of a domain or a workgroup is, in my opinion, a myth.  It's more complicated to get sharing working reliably in a workgroup than it is in a domain.  Once setup, a domain's management is generally VERY easy.  In 9x, if you knew the "password" to the share, you would be fine to connect to it and generally didn't have problems.  But with NT-based operating systems it got more complex - and especially with XP.

One KEY reason to go with domains over workgroups - when it comes time to migrate to a domain, file security is NOT easily ported from domain to workgroup.  This question is asked often enough here and people are often disappointed in the answers.
0
 
LVL 3

Expert Comment

by:mojopojo
Comment Utility
My apologies to everyone and especially to tigermatt. He has been a valuable and most knowledgeable contributor to issues I have had in the past. He is truely an Expert. If I offended anyone I am sorry.
-MP
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

Suggested Solutions

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now