new forest or domain?

- We are a library and have as our main domain " "
- Staff PCs are on the domain
- Patron PCs are in a workgroup
- We want to be able to deploy software to patron PCs utilizing Group Policy like we do with staff PCs
- So what would that require? A new domain, a subdomain, a new forest?
- Preferably we do not want the patron and staff domains (or whatever) to be able to access each other

PS. We already use WSUS and LUP to push some stuff, but would like to use GPO for the patron side also
harold mcmullen, network tech, Asked:
You can create a new domain. Although I'd stick with the workgroup for patrons and just edit the registry pointing them at the WSUS.
Will Szymkowski, Senior Solution Architect, Commented:
Keep the workgroup. Too much work to create an entire domain for WSUS. You can modify the registry to accomplish this.

Refer to this link for details..

Hope this helps!
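
The registry change suggested in the answers above, as an added example that is not part of the original thread or any poster's own script: it writes the Windows Update policy values on a workgroup PC and reads them back to confirm they took effect. The server URL and the target group name are hypothetical placeholders.

```powershell
# Added example: point a workgroup PC at a WSUS server through the
# Windows Update policy registry values, then verify what was written.
# Run from an elevated PowerShell prompt on the patron PC.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical URL (assumes plain HTTP on port 8530); use your server's
    # HTTPS URL instead if your WSUS is configured for SSL.
    [string]$WsusUrl = 'http://wsus.example.internal:8530',
    # Hypothetical WSUS computer group used for client-side targeting.
    [string]$TargetGroup = 'PatronPCs'
)

$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

$settings = @(
    @{ Path = $wuKey; Name = 'WUServer';           Type = 'String'; Value = $WsusUrl }
    @{ Path = $wuKey; Name = 'WUStatusServer';     Type = 'String'; Value = $WsusUrl }
    @{ Path = $wuKey; Name = 'TargetGroup';        Type = 'String'; Value = $TargetGroup }
    @{ Path = $wuKey; Name = 'TargetGroupEnabled'; Type = 'DWord';  Value = 1 }
    @{ Path = $auKey; Name = 'UseWUServer';        Type = 'DWord';  Value = 1 }
)

foreach ($s in $settings) {
    if ($PSCmdlet.ShouldProcess("$($s.Path)\$($s.Name)", "Set to '$($s.Value)'")) {
        # Create the policy key if this PC has never had one.
        if (-not (Test-Path $s.Path)) {
            New-Item -Path $s.Path -Force | Out-Null
        }
        New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType $s.Type `
            -Value $s.Value -Force | Out-Null
    }
}

# Read every value back so a failed or partial write is visible.
foreach ($s in $settings) {
    $actual = (Get-ItemProperty -Path $s.Path -Name $s.Name `
        -ErrorAction SilentlyContinue).($s.Name)
    [pscustomobject]@{
        Name     = $s.Name
        Expected = $s.Value
        Actual   = $actual
        Match    = ($actual -eq $s.Value)
    }
}

# The Windows Update service reads these values when it starts.
if ($PSCmdlet.ShouldProcess('wuauserv', 'Restart service')) {
    Restart-Service -Name wuauserv
}
```

Running the script with `-WhatIf` lists the intended changes without writing anything. These values only cover Windows Update; they do not give the PC Group Policy software deployment.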
Pramod Ubhe Commented:
- We want to be able to deploy software to patron pc's utilizing group policy like we do with staff pc's

If this is the only requirement then you need not create a new domain/forest. WSUS or other software deployment tools can recognize workgroup computers.

- preferably we do not want the patron and staff domains (or whatever) to be able to access each other

Your current setup is good enough to keep them separated, but if you ever decide to go for a domain/forest structure then you should choose to create a new forest to keep them completely separated (you can also have connectivity by configuring an AD trust relationship).
harold mcmullen, network tech, Author Commented:
Man! Thank you everyone for suggesting solutions so quickly. I really appreciate all of you taking time out from (I'm sure) busy schedules to help me.

Anyway, we already use WSUS/LUP to push to patron (workgroup) PCs, but we want to be able to use Group Policy to push software (and policy/permissions) to the patron PCs.

PS. We do not want to purchase any 3rd party software, so basically just use what Microsoft already has built in to do this.
Will Szymkowski, Senior Solution Architect, Commented:
You cannot control individual workgroup machines without having them added to the domain. This will require a server OS with either 2003/2008/2012 installed on it, then setting up a domain and adding the workgroup machines to this domain. From there you can start to create GPOs that can apply to the machines necessary.

Aside from that, a workgroup is nothing more than a group of machines that are individually administered.
harold mcmullen, network tech, Author Commented:
Thanks. I guess we are going to do the new server with new domain and then cross permissions with other domain. (I might not seem clear but I am just making a quick comment cuz I'm busy)