[Last Call] Learn how to a build a cloud-first strategyRegister Now


Mapped Drives or UNC Paths, Domain or Workgroup? - best practice for Windows 7?

Posted on 2011-05-04
Medium Priority
Last Modified: 2012-05-11
Should I stop operating in a Windows workgroup and start using my domain controller?
Should I stop using mapped drives and switch to UNC paths?

My small biz network has been very simple since Win 95 days. All workstations run as administrator. Everyone has read/write access to every file & folder on 3 or 4 mapped drives.  We're all on one workgroup. I've used batch scripts to map the drives after each reboot. Up through Win XP, this worked well for our 70 employees and 35 workstations for years. (Yes, some people are sharing PCs, such as cash registers and reference workstations).

As I start to poke around with my first couple of Windows 7 PCs, I'm finding that some apps don't like mapped drive letters. They want UNC paths. An MS Support person, for one of my MS apps, suggested that "mapped drives aren't recommended any longer...."- which made me scratch my head.

It looks as though I can use UNC without adopting a domain. Is that true? Do I just change my NET USE syntax in the scripts?

Should I use a domain? I have a Windows Server 2003 (maybe R2?) that has been configured as a domain controller. Its main job is an instance of SQL Server for MS Dynamics SL accounting. It just has the 5 CALs. 40 or so workstations have been able to map S: to a shared folder on that server. All PCs are doing NET USE S: \\SLSERVER\MyFolder\ , logging in as ADMINISTRATOR. [I've suspected that only 5 PCs are actually using that folder at any given time, but I'm not sure. It just works.] Using the Domain Controller and the Active Directory, can I define another user (regularGuy), and use that login from multiple workstations? Or, will I need a bunch of CALs? Does the domain controller decision interact with the mapped vs. UNC decision?

We have a minor, minor business need to limit access to some folders. In the past, the need for simplicity and uniformity has trumped the need for user-level access control. Now, it looks like the whole world is using domain controllers and UNC paths. It looks like simple workgroup networking might be squeezed out of future editions of Windows. Should I bite the bullet and make the transition to a domain?

I also have a Samba server for the workgroup. If I adopt the domain controller for use with the Windows Server shared folder, can I still use the workgroup and mapped drive letters to the Samba folder?

Thanks for reading.
Question by:oakie22
LVL 99

Assisted Solution

by:John Hurst
John Hurst earned 450 total points
ID: 35695378
I use the structure NET USE S: \\SLSERVER\MyFolder\  to map from my Windows 7 Pro laptop to any other machine. I have multiple clients so a domain does not work for me. I don't have any difficulty with applications working like this. I do authenticate properly and give the password.

That said, there is nothing wrong with a domain. I am just saying you don't have to if you don't wish to.

... Thinkpads_User
LVL 81

Accepted Solution

arnold earned 525 total points
ID: 35695433
With the number of systems in your LAN, you are better off with a DC which will provide you a way to centrally manage your users. (with a single DC, you should make sure you have a good Disaster Recovery plan.  This consists of making sure you backup the system state on the server AD DC.) Make sure to readup on how to restore the AD after reinstalling OS or setting up a replacement server.

Since you mentioned the SAMBA server later on, in your question, and since I tried to answer one thing at a time, an alternative to have a DC, is to have samba+ldap PDC setup. You would still have to deal with the licesing to the SQL server, but I am uncertain whether the same licensing requirement will exist to the server and the only place to find this out is from ......................

As far as licensing is concerned, you would have to determine whether you want to use the per device or per user license model.

I think there is an EE article detailing the MS licensing model/consideration but not sure where it is here are some questions/answers that may help you decide:

Now back to your situation, running anything as an administrator is just asking for trouble. One should control the environment such that userA has access to only what userA needs to do perform their duties.The reason you are running it this way because of the administrative issues where you would need to setup 70 employee accounts on 35 computers. unless you want to split the employees into pairs and designating which computer they can use.

A UNC works as long as all the workstations/systems are in the same Workgroup
LVL 11

Assisted Solution

marek1712 earned 525 total points
ID: 35711782
I'll add one little info:
To use UNC path you have to create shortcut pointing to, i.e. \\SERVER\SHARE

I'd go with Arnold: giving administrator rights to the users is asking for trouble. Centralized management will make your life easier: automating and managing configuration with GPO, centralized antivirus software, etc.
The real problem may be user CALs: if you don't want to buy more you'd have to stick with shared accounts - and that's not a good idea...

UNC vs mapped drives.
My users are still operating on the drive letters so I'm stuck with it (well, most of them can't even see the difference between slash and backslash ;) ).

Check this KB:
"Mapped drives vs. UNC" paragraph. This may be the greatest obstacle.

Author Closing Comment

ID: 35732759
I don't think I stated the question very well. It's probably hard for folks to imagine a business where people do not sit at desks, but walk around a 20,000 square feet space, using whatever computer is nearest. It's probably hard to imagine that I really don't need to secure certain files & folders And yet, that has worked for us for years and years. Thanks for your responses.

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question