Arguments for Using / Not Using a Windows Server OS

Posted on 2012-09-05
Last Modified: 2012-09-22
I have long held the notion that a peer-to-peer network is fine; particularly in situations where Server OS support is hard to find and/or can't be well justified.  So, I've been happy to deal with a Server OS installation only when some major software application *requires* it - and then it's only used as an application server.

I get a lot of flak for what seems to me to be a business-driven posture.  

The question is limited to Windows office environments.  You can assume that file sharing will be common.

This is not a question about hardware.  Presumably any hardware can be configured with any OS within reason.

So, I decided to do a bit of a survey asking:

On the "prefers Server OS" side:
- Why should one *not* use a peer-to-peer system in favor of one based on a Server OS?
[Please avoid the buzz words in answering this question.  Give concrete examples of what the user *must have* in order to maintain reasonable security, sanity, .. what?...]
What Server OS services do you view as essential and why in each case?

On the "prefers Workstation OS" side- What justifies using a peer-to-peer system?  Success stories?  Justificdation, etc?
Question by:Fred Marshall
    LVL 77

    Expert Comment

    by:David Johnson, CD, MVP
    It depends upon the size of the network.

    Windows limits connections to 20 concurrent connections for client operating systems. This limits sharing of resources.

    Every machine that is not managed by a server's group policies and using centralized storage means more administrative load to ensure that the machines are updated, required business software is installed, backups are done (managing backup media as well).  No consistency between machines as they may start with a base image over time they will accumulate non-business required software and other crud.. user videos/music and other unwanted items. The more machines involved the complexity increases by orders of magnitude.

    Less than 5 machines a workgroup is reasonable, more than 5 machines then a server in a box solution i.e. Small Business Server and Windows Storage Server become more and more attractive.

    Servers are not that complex.. initial setup can be a bit daunting but I've found group policy and folder redirection to be my ally and it saves going to each machine to make sure that it is configured to conform with business policy and legal requirements.  99% of the time you just set them up and then pretty much forget about them.
    LVL 25

    Author Comment

    by:Fred Marshall
    What do each of these things do for you and why do you need them?
    LVL 77

    Accepted Solution

    Windows Deployment Server -- allows you to install a standardized image on a new computer with very little work.

    Folder Redirection - Allows you to backup ALL user files in ONE location that is centrally managed.

    File sharing - more connections available.  Again files are located on 1 location which makes backup easier to accomplish.. rather than Joe Boss who decides that backup's slow down his computer so he disables them.. six months down the road his hard drive fails, all those documents that are important and only stored on his computer are now effectively gone. They MAY be recovered shipping the drive a very expensive data restore company .. a 500G drive $2000 up front with no guarantees.

    Group Policy - As it's name implies, it applies a group wide policy that encompasses almost every windows setting imaginable.  This setting can be enterprise-wide or down to either 1 specific computer or user. Group policy is centrally managed.. you don't have to go from computer to computer and manage things individually.

    Roaming Profiles - on your standardized machines it allows a user to login to any computer in the network and all of their files and settings are available.

    Windows Server Update Services - Real For instance scenario. Microsoft next month is rolling out a security fix that will invalidate all weak <1024 bit encrypted keys. you can test the impact of this security fix in a group of computers and if you have problems you can work at rectifying the problem before EVERY computer in your network gets this update

    Using a server based solution vs a workgroup solution lets one be more concerned with the aims of the business (making money with least expense)..

    5 machines or less a workgroup is fine and ideal
    < 75 machines/users small business server
    >75 and < 500 machines/users Server Enterprise
    >500 now we are talking wanting everything that Microsoft has to offer

    As I stated earlier, it has to be done on a case by case basis.. you weigh the pro's and the con's and make a business decision. Having everything centrally managed just makes things a lot easier, and less time consuming (time is money)
    LVL 25

    Author Comment

    by:Fred Marshall
    I appreciate the comments.  Thanks.  
    It's beginning to sound like a set of solutions to problems that I don't have or know how to deal with in other ways....  Not that I can't imagine having them.  So maybe the big deal is the selection of the number "5".  I might say "25" or even "50" based on years of experience "doing it another way".

    Windows Deployment Server: To the extent that this helps capture images for disaster recovery then this would be nice to have.  I'm currently encouraging capturing images to support quicker, more efficient rebuilds when necessary.  But I don't think this is the focus here quite is it?

    Folder redirection: assumes a problem that we don't have.  Yes, we have to plan and manage backups but that's pretty easy.  Likely the approaches are the "same" while being "different" in details of implementation.

    File sharing: really not a problem.  With XP we did run into the 10 connection limit but with Windows 7 it's not a problem.  And, we've developed some methods to minimize the number of simultaneous connections.  But, with a few more users this would be an issue.  Often a small organization has but a few people who have to access the same files and those can be distributed.  But, if there were 50 identical workstations then I can understand.

    Group Policy: sounds like a nice-to-have if one becomes inundated with changes, etc.  This hasn't been an issue for us.  But, sure, I'd like to  have remote control IF that's what the customer wants.

    Roaming Profiles: another nice-to-have if somehow the situation compels it.  It hasn't.

    Windows Server Update Services: sounds like somebody becomes "the man in the middle".  That seems unnecessary for small systems.

    I find that most Server OS - based companies have a full-time IT person.  I'm sure you've heard: "work expands to fill the time".  This reminds me of such things.  In my case I spend not more than maybe 10% of my time for the largest client company with 50 computers over 3 sites - with the help of a tech who sets up workstations.  If it's more than that it's because of a rare problem that has not much of anything to do with what we're talking about here.

    I'm not trying to be defensive, just to share perspectives.  It's kind of like the guy digging in a big pile of h***es**t saying "there has to be a pony in there somewhere!"

    The other day I ran into a (small) system which had evidently been dealt a hand with the Group Policy.  I don't even know where the "server" *is* in the building!!  I couldn't change settings on a computer.  It was really frustrating.  That's what happens when you have server OS guys mucking about part-time in a system that doesn't need their presence at all.  
    "If it ain't broke, don't fix it."
    "Better is the enemy of good enough."

    My management experience tells me to avoid things that can't be afforded, can't be supported, are not necessary for the health of the enterprise.  But, I know, it's been sold.

    This has been a valuable discussion for me because it suggests a way to better differentiate between systems that need a Server OS and those that don't.  Getting down to the critical elements, why they are there and how they serve needs, really helps.
    LVL 38

    Assisted Solution

    Another Function: Centralized Print Server
    Another Function: Centralized Authentication
    Another Function: IT security (meaning separation of duties)

    I agree with the other experts: "more than five, go domain"
    However, in your case, there is not on hand Tech support. In your case, sometimes it's easiest to handle problems one computer at a time.

    I have been in IT fields for 30 years and manage over 10000 PC's and Laptops.

    There becomes a time when, you want to stop fixing one computer at a time and jump into centralized management. I would think you are close to that time with more than 25 PCs.

    It's just so much easier to click a mouse two times and update all your machines, or manage all users with a couple key strokes, or control all machines IT security with a few group policies. Aren't there a couple features you would like to do to ALL machines, or ALL users, or All printers, or ALL Shares?
    LVL 25

    Author Comment

    by:Fred Marshall
    Once more, I really appreciate the inputs!

    In some sense, even with customers of nearly 10 years running, I can't really say that they are "my" computers because I'm not there full time and am generally not the person that sets them up.  Maybe that's a lack of "taking ownership" but I think it's been very appropriate.  Maybe it's a failed sales opportunity (?).  But, affordability is a big deal with these small companies.  Said another way: I'm "on call" - period.   Well, except for the largest customer where I do take responsibility on my own to deal with network monitoring, firewalls, etc.

    Let's talk hours for a moment shall we?  The largest customer generates an average of 20 hours a month.  The next largest customers generate an average around 20 hours per year.  They are all on peer-to-peer networks with a couple of exceptions where the servers are application servers for a single business app that may include SQL Server and have none of the bells and whistles that we've been discussing here.
    Given this:
    - how much time might a conversion to these "better" attributes take?
    - how much time might maintaining a system with these better attributes take?
    - how much risk do I take in trying to sell it?
    (I have to admit that I've lost at least one proposal where the customer was leaning to a new server-based setup and I proposed something else.  But that's one in years.)

    I set up Server 2008 R2 in my own office to work with.  So now it's a matter of trying things.  If *you* were a neophyte like me, what would you set up and test first?  Second?  etc?

    I should think that file service would be first priority as it appears to have the most universal application.  

    One question:
    If I set up Group Policies and then remove or shut down the server, what happens to settings on the workstations?  Can they be individually set or not?  Seems I've run into a situation where the workstations wouldn't behave re: setting firewall, etc. and suspected an obscured group policy situation.
    LVL 77

    Expert Comment

    by:David Johnson, CD, MVP
    A1:  the settings will remain on the computer until the computer is removed from the domain, then the local administrator can now change them
    A2: this is where Resultant set of policy (RSOP.msc) becomes useful, as it will show you what policies are applied
    LVL 38

    Expert Comment

    ""I set up Server 2008 R2 in my own office to work with.  So now it's a matter of trying things.""


    Work with it. I think you will like it.

    Set up DNS, first. Then add Active Directory and promote the server to an Active Directory Server on your little network. Join a computer or two to the domain, and see what you can do as a domain administrator, rather than a local administrator on each computer.

    With years of experience on configuring one computer at a time, you will VERY QUICKLY figure out Active Directory and DNS.

    DNS and AD are the foundation.

    Please note: DHCP must be performed on the server if you are using DHCP for client computers. The reason being is DHCP on the router (like in a home-based network) will not support critical domain DNS records. DHCP is a free application on the server. The router DHCP must be shut off.

    Now, it's time to show you how to centrally manage a domain. On the domain controller, go to START>>type in Services.MSC and press enter. Add the DNS snapin, and AD users and computers snapin, and the DHCP Snapin. (These snapins are the same thing you will see in in a single computer under>> Accessories>System Tools, BUT they are one centralized console of tools.

    Save that MMC console to your desktop of the server for quick reference. By centralizing your tools, you have a one stop shop for working on the domain and also learn much faster on how everything fits together.

    While in the MMC console, look at the other snapins that you might like to use.


    -Play with File Server, and Print Server applications. They are already a part of the OS for an R2 system.

    -Finally, play with group policy (to include user and machine policies). Often, GP is the most daunting function of an AD domain to new domain admins.

    Once set up and comfortable: Set yourself up a secure VPN link to the office and remote manage your entire domain from home. Your 20 hours a month job just went to 5, and it's time to drum up more business without loosing new customers.

    This "Lack of Ownership" thing, will not last forever. Their data is critical to their business. They will want someone that treats that data as his/her own.
    LVL 25

    Author Comment

    by:Fred Marshall
    OK.  Now I get into the nitty gritty of doing these things.  Dumb questions like:
    When I set up the FQDN, does it have to be registered if I'm not going to be doing any web servers?
    Should I use a registered but unused domain name of my own?  Like a .biz or .org?
    Or, can I just make something up?
    LVL 77

    Expert Comment

    by:David Johnson, CD, MVP
    I like using domainname.local this way I future-proof myself if I want to take over the dns and hosting for stuff that I have on the web with a registered domain name. I also don't run into problems with external and internal users being presented with different sites. I also believe this is a best practice.

    The FQDN is local only UNLESS you set the name servers of a registered domain to point to your network.. it doesn't exist outside of your local network unless you want it to be.
    LVL 38

    Expert Comment

    Agreed with above:

    However, you can VPN or remote into a LOCAL domain, meaning it does kind of exist outside of your network. You can host local web sites for managers to post things for everyone to see and for you to use administratively. This gives you play room with web sites.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How does your email signature look on mobiles?

    Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

    A few months ago I had an issue with LaserJet 1020 printer which was installed to XP and Windows 7.  It was installed to XP and working, but when I tried to connect from a Windows 7 PC, it would attempt connection and then fail.  Sometimes the Spool…
    Storage devices are generally used to save the data or sometime transfer the data from one computer system to another system. However, sometimes user accidentally erased their important data from the Storage devices. Users have to know how data reco…
    Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
    This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now