Solved

Small business Windows 2008 Server without domain

Posted on 2009-07-10
Last Modified: 2013-11-21
I am setting up from scratch a small home office for a new business with about 4 users.  Normally I would bypass the relatively expensive Windows Server component except for the fact that the users want remote access and Terminal Services is the best option.  With all that being said, can I just set up a stand-alone Windows 2008 Server without configuring Active Directory, a domain, DNS, DHCP, etc., since some of that functionality will be provided by the Linksys router and all I really need is a bunch of users with passwords so that they can be authenticated for Terminal Services access?  I also want to skip the domain setup because all of their existing computers are XP Home or Vista Basic.
Question by:Bekster
LVL 30

Expert Comment

by:renazonse
ID: 24825309
Small Business Server requires Active Directory to be installed. Else, it will continually shut itself down. You'll need to get a Standard copy of Windows Server 2008 to do that.

0
 

Author Comment

by:Bekster
ID: 24825344
Yes, I don't plan on using Small Business Server; it's just for a small business :)

Windows 2008 Standard it is.
0
 
LVL 3

Expert Comment

by:mojopojo
ID: 24825560
Even with a work force of 4, Small Business Server 2008 is a perfect structure to build your organization around. SBS 2003 may even suffice.

If you move to a full server version you lose e-mail, SharePoint (invaluable) and Remote Web Workplace.

You will end up needing a full-time IT guy to administrate your account if you install a full version of Server 2003/2008.

Just a thought.
0

Author Comment

by:Bekster
ID: 24825604
I did consider SBS, but ended up deciding on a hosted Exchange solution for email because, as you stated, there won't be a local IT guy, and the only services they require are Terminal Services for remote access as well as centralized files.  The hosted Exchange is nice because it's inexpensive, $6/mo per user, and they get Exchange + Outlook Web Access or Outlook over HTTP without having to worry about a local Exchange server.

I basically wanted to know if I can set up Windows 2008 Server without domain/AD and all that added complexity.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24825651
A Windows Server 2008 server *can* act as a stand-alone server in a workgroup, if that is all you wish. Simply install the server, and it will be in a workgroup by default. The part you omit is running dcpromo to promote it as a Domain Controller, meaning it always remains as a workgroup-based server.

As the company grows, you can always promote the server as a DC if that is necessary at a later date.

-Matt
0
 
LVL 3

Expert Comment

by:mojopojo
ID: 24825701
If you only have 4 users why would you want to front the expense of a MS Server OS like Server 2003, or Server 2008 unless you plan to use AD? That is why the Server OS exists.

If you plan to only have 4 or 5 users, use hosted Exchange, and no centrally administrated file shares and security (that is what AD does at its core level - security), then why not just create a workgroup and use one of the XP/Vista boxes as a file server?

It will save you about $2000 in software, $1000 in hardware and you will not have to admin a server OS.

It is within the EULA rights of Win XP and Vista to have 5 concurrent connections for the purposes of file sharing. So why bother with Server software if you are not going to use it?

I wouldn't.

And I am a Microsoft Engineer.

BUT I would STRONGLY URGE anyone who cares about security or a corporate environment to move to a SECURE Active Directory environment where you can administrate, monitor and secure all of your company data.
0
 

Author Comment

by:Bekster
ID: 24825718
I am only using Windows 2008 Server for Terminal Services.  They will be on the road primarily and want to keep all their documents centrally located on the file server.

0
 
LVL 3

Accepted Solution

by:
mojopojo earned 250 total points
ID: 24825782
You should still be using AD then.

If you set up a Server 2008 box as a Term Server and File Server (or you have the file server on another box) you still should be using AD to Authenticate.

You would have them go to: remote.yourdomain.com
And then log in.

That uses AD!

0
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 250 total points
ID: 24825790

I too would recommend deploying an Active Directory environment, but the Author has valid reasons not to do so.

The requirement for Terminal Services is such that a SERVER-GRADE Operating System is required. A Vista/XP box acting as a file server would probably not be sufficient and access to it would be slow; not to mention the fact it does not support multiple remote sessions. A Server 2008 box does, with the correct CALs installed.

-Matt
0
 

Author Comment

by:Bekster
ID: 24825824
Yes Matt, I would agree.  And since the number of users is low I was simply going to add the users to the server and I'm done.

When the users are on the LAN, as long as their passwords and accounts match they will have access to the resources on the server.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24825843
>> When the users are on the Lan as long as their passwords and accounts match they will have access to the resources on the server.

That is correct. Pass-through authentication will work provided the usernames and passwords match between workstations and the server.

I know, Active Directory means this is not necessary - but you have valid reasons not to deploy AD which cannot be ignored. The fact there will only be 4 users and there may not be permanent on-site technical knowledge with AD is a good reason to consider not deploying it.

-Matt
0
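The workgroup setup discussed in the comments above, as an added example that is not part of the original thread: local accounts created on the stand-alone server and granted Terminal Services logon through the built-in Remote Desktop Users group. The usernames and the password and lockout values are assumptions chosen for illustration; only the built-in `net.exe` commands are used.

```powershell
# Added example: run in an elevated PowerShell prompt on the stand-alone server.
# The usernames are constructed placeholders; use the names the users log on with
# on their own PCs so workgroup pass-through authentication can match them.
$users   = 'user1', 'user2', 'user3', 'user4'
$rdGroup = 'Remote Desktop Users'   # built-in local group that permits Terminal Services logon

# Local password and lockout policy (values are assumptions; net.exe caps /minpwlen at 14).
net accounts /minpwlen:12 /lockoutthreshold:5 /lockoutwindow:30 /lockoutduration:30
if ($LASTEXITCODE -ne 0) { throw 'Could not set the local account policy.' }

foreach ($name in $users) {
    # '*' makes net.exe prompt for the password, so it never appears in the script or history.
    net user $name '*' /add
    if ($LASTEXITCODE -ne 0) { Write-Warning "Skipping ${name}: account was not created."; continue }

    # Grant remote logon only; the account stays out of the Administrators group.
    net localgroup $rdGroup $name /add
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not add $name to '$rdGroup'." }
}

# Review the result: group membership and the effective policy.
net localgroup $rdGroup
net accounts
```

Without a domain, each password lives separately on the server and on the user's PC, so a password change has to be repeated in both places for pass-through access to keep working.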
 
LVL 3

Expert Comment

by:mojopojo
ID: 24825844
All MS Server OS come with 5 CALs.

All XP/Vista OS allow 5 concurrent connections by EULA.

Speed of those connections relies more on the equipment NIC and CAT than the OS. 5 remote users are not going to flood the bandwidth of his connection.

But thanks for the validation. I would always use AD for a network with more than 3 people if I cared about the data.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24825847
Could you clarify your reasons behind the 'B' grade? Only I feel I answered your question as directly as I could...
0
 

Author Comment

by:Bekster
ID: 24825892
Mojo is dragging you down, Matt :) It was a B overall.
0
 
LVL 3

Expert Comment

by:mojopojo
ID: 24825924
Yes. Sorry you could not glean the answer you would have liked but we can only give you advice based on best-practice and the scope of your issue. We only provide solutions.

Thanks for participating and we hope that you fare well,

-MP
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 24825963
mojopojo,

>> All MS Server OS come with 5 CALs. All XP/Vista OS allow 5 concurrent connections by EULA.

XP/Vista do *not* permit more than one concurrent remote Terminal Services session to be made to it. You need a SERVER operating system to allow for more than 1 concurrent remote session, and Terminal Server CALs for any more than 2 remote sessions. The author stated they wish to access the server via Terminal Services.

>> Speed of those connections relies more on the equipment NIC and CAT than the OS. 5 remote users are not going to flood the bandwidth of his connection.

Yup, agreed with that. However, the user stated his users will be accessing the data and resources hosted on this file server *remotely*. As someone who has worked in environments where bandwidth and connection speed is at a premium, I would much prefer to terminal services to a system which is local to the data and open the document, rather than wait for some 10MB spreadsheet to download over a VPN running on a slow DSL line. The amount of data required to simply upload screen changes from the remote terminal server is vastly less than the data required to actually upload the document the user wishes to edit.

>> I would always use AD for a network with more than 3 people if I cared about the data.

Data Security can be achieved without Active Directory in small environments just as well as it can be achieved with Active Directory. The first component of data security is the server HARDWARE. The server should be installed on server-grade hardware with the data stored on a suitably REDUNDANT RAID ARRAY. This is the first line in data security - a disk failure is not going to cause data loss. In my opinion, all servers should be covered under a 27*7*4 or next-day business warranty if a component fails, and when they reach the end of this warranty, they should be replaced or the warranty renewed to ensure you always have vendor support if ever required.

Moving on to the software layer, the second important aspect is BACKUP. Backups can be made to tape or to external removable hard disk and should be verified regularly to ensure consistency and that recovery from the backup is possible.

Active Directory helps in enterprise environments to provide granularity in access control for files based on advanced and complex group membership hierarchies. However, in very small environments, such as the Author's, where a server is required only for one or two very specific roles, Active Directory often makes no sense. This is particularly so in companies who may not have on-site knowledge to handle an enterprise-class Active Directory domain.

I always deploy Active Directory, even for my smallest clients, but this is because I am only a phone call away from resolving issues. I prefer to have more control and management than rely on local users and groups. However, when this immediate support may not be available, it makes sense to keep things as simple as possible.

-Matt
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 24829036
From my perspective, it is never improper to provide a reasoning for why a setup is inappropriate or most likely a poor choice.

I agree with Tiger Matt in almost every item stated in his last post.

From my perspective, no business should ever be set up in a workgroup, ESPECIALLY when a server exists. Why?  The supposed complexity of a domain or a workgroup is, in my opinion, a myth.  It's more complicated to get sharing working reliably in a workgroup than it is in a domain.  Once set up, a domain's management is generally VERY easy.  In 9x, if you knew the "password" to the share, you would be fine to connect to it and generally didn't have problems.  But with NT-based operating systems it got more complex - and especially with XP.

One KEY reason to go with domains over workgroups - when it comes time to migrate to a domain, file security is NOT easily ported from domain to workgroup.  This question is asked often enough here and people are often disappointed in the answers.
0
 
LVL 3

Expert Comment

by:mojopojo
ID: 24830923
My apologies to everyone and especially to tigermatt. He has been a valuable and most knowledgeable contributor to issues I have had in the past. He is truly an Expert. If I offended anyone I am sorry.
-MP
0
