Jump to content

do I need win2k server

Guest tuuf

By Guest tuuf
in Windows 2003 Server

 Share

Recommended Posts

Guest tuuf

Guest tuuf

Posted
Posted

In a home setting with 5 computers running winxp would there be any need to

run a server environment ? Can user rights, priviledges, and dhcp be

accomplished with security settings within winxp and a router? Would I be

sacrificing anything doing this within a workgroup or would it be better to

setup a domain in a server setting?

  • Replies 5
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Ace Fekay [MVP Direcrtory Services]

Guest Ace Fekay [MVP Direcrtory Services]

Posted
Posted

Re: do I need win2k server

 

 

"tuuf" <tuuf@discussions.microsoft.com> wrote in message

news:A0D3EC91-77CC-43FB-B4A4-A20A343BB4A8@microsoft.com...

> In a home setting with 5 computers running winxp would there be any need

> to

> run a server environment ? Can user rights, priviledges, and dhcp be

> accomplished with security settings within winxp and a router? Would I be

> sacrificing anything doing this within a workgroup or would it be better

> to

> setup a domain in a server setting?

 

You could use a server if you wanted to. But that depends on your knowledge

of Active Directory and DNS. There's much to know and understand how it

works. Too complex for a home owner who doesn't work with it day to day or

has no experience with it. There's also the cost associated with it, such as

buying a machine suitable to run a DC, and you could use a highend desktop

if you wanted, and of course the price of Windows Server 2003 or 2008.

 

A router's DHCP does not offer any security. Of course it depends on the

router, but all in all, it's nothing like what a server has to offer.

 

So in summary, no you don't really need one if security is the only factor

involved. You can use antivirus, Windows Defender, Windows Firewall, as well

as installing an additional antispyware on all machines and you should be

ok.

 

--

Regards,

Ace

 

This posting is provided "AS-IS" with no warranties or guarantees and

confers no rights.

 

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,

MVP Microsoft MVP - Directory Services

Microsoft Certified Trainer

 

For urgent issues, you may want to contact Microsoft PSS directly. Please

check http://support.microsoft.com for regional support phone numbers.

 

Infinite Diversities in Infinite Combinations

Guest tuuf

Guest tuuf

Posted
Posted

Re: do I need win2k server

 

I do have basic knowledge with AD, DNS, and DHCP on win2k server.

When you say windows server provides much better security than a router

could you explain further (or point me to some articles I can read).

Remember, I would be using windows 2000 server and winxp as workstations.

If I do setup a server and only setup the workstations in a workgroup......

does this

negate the security benefits. Is it best to join a domain?

 

thanks,

mike

 

"Ace Fekay [MVP Direcrtory Services]" wrote:

>

> "tuuf" <tuuf@discussions.microsoft.com> wrote in message

> news:A0D3EC91-77CC-43FB-B4A4-A20A343BB4A8@microsoft.com...

> > In a home setting with 5 computers running winxp would there be any need

> > to

> > run a server environment ? Can user rights, priviledges, and dhcp be

> > accomplished with security settings within winxp and a router? Would I be

> > sacrificing anything doing this within a workgroup or would it be better

> > to

> > setup a domain in a server setting?

>

> You could use a server if you wanted to. But that depends on your knowledge

> of Active Directory and DNS. There's much to know and understand how it

> works. Too complex for a home owner who doesn't work with it day to day or

> has no experience with it. There's also the cost associated with it, such as

> buying a machine suitable to run a DC, and you could use a highend desktop

> if you wanted, and of course the price of Windows Server 2003 or 2008.

>

> A router's DHCP does not offer any security. Of course it depends on the

> router, but all in all, it's nothing like what a server has to offer.

>

> So in summary, no you don't really need one if security is the only factor

> involved. You can use antivirus, Windows Defender, Windows Firewall, as well

> as installing an additional antispyware on all machines and you should be

> ok.

>

> --

> Regards,

> Ace

>

> This posting is provided "AS-IS" with no warranties or guarantees and

> confers no rights.

>

> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,

> MVP Microsoft MVP - Directory Services

> Microsoft Certified Trainer

>

> For urgent issues, you may want to contact Microsoft PSS directly. Please

> check http://support.microsoft.com for regional support phone numbers.

>

> Infinite Diversities in Infinite Combinations

>

Guest Bruce Sanderson

Guest Bruce Sanderson

Posted
Posted

Re: do I need win2k server

 

As Ace Fekay said, you don't "need" a server or a domain for your home environment. Having a server

or a Windows domain does not in and of itself increase the overall security of your home computers -

depends on what you are attempting to accomplish (e.g. security re internal threats or security re

external threats).

 

Your router most likely implements Network Address Translation (NAT), which will prevent many types

of direct network attacks. More of a concern is web and email based attacks which require a user to

visit a web page, download a file or open an email attachment. Whether or not there is a domain or

server in the picture won't help much with those - antivirus and other malware detection/prevention

tools and user education are needed to deal with them.

 

However, if you're up to the challenge and want to spend the money on a Windows Server license,

there are definitly some advantages. I've been running an Active Directory domain at home for some

years now and it has proven useful:

 

1. centralized user account administration

2. GPOs to do things like pushing groups into local groups using Restricted Groups, configuring

screen saver, pushing network printer connections, configuring Windows Update, configuring the

Windows firewall

3. using WSUS 3 to manage updates (saves having to download the updates over the relatively slow

Internet connection seperatly for each computer, distributes updates automatically to clients)

4. using DFS (I keep most of my data on disks in the server)

 

Windows Server with Active Directory, DFS and WSUS doesn't need much procesing capacity for a small

environment. I ran these for several years on a PIII 1 G Hz with 768 MB RAM under Windows 2003 and

later, Windows 2008. It was a bit slow for interactive work (e.g. interacting with the WSUS user

interface) but was perfectly adequate. On the other hand, computer hardware is getting to be quite

cheap these days - a new computer with a quad core processor with 8 GB of RAM costs less than what I

paid for the PIII etc. several years ago!

 

If you decide to use WSUS, be aware that the update data store will be in the order of 20GB or more

(depending on what products etc. you decide to support). The first "synchronization" will download

a lot of stuff (gigabytes!), so it might take many hours.

 

The DHCP service in the router is a bit primitive, but again is adequate. I don't run DHCP on the

server.

 

You might find the two documents near the bottom of the page at

http://members.shaw.ca/bsanders/WindowsGeneralWeb/DomainAndActiveDirectory.htm interesting.

--

Bruce Sanderson

http://members.shaw.ca/bsanders/

It's perfectly useless to know the right answer to the wrong question.

 

 

"tuuf" <tuuf@discussions.microsoft.com> wrote in message

news:0636A4B4-36D7-4435-87A0-3253A5E4652E@microsoft.com...

>I do have basic knowledge with AD, DNS, and DHCP on win2k server.

> When you say windows server provides much better security than a router

> could you explain further (or point me to some articles I can read).

> Remember, I would be using windows 2000 server and winxp as workstations.

> If I do setup a server and only setup the workstations in a workgroup......

> does this

> negate the security benefits. Is it best to join a domain?

>

> thanks,

> mike

>

> "Ace Fekay [MVP Direcrtory Services]" wrote:

>

>>

>> "tuuf" <tuuf@discussions.microsoft.com> wrote in message

>> news:A0D3EC91-77CC-43FB-B4A4-A20A343BB4A8@microsoft.com...

>> > In a home setting with 5 computers running winxp would there be any need

>> > to

>> > run a server environment ? Can user rights, priviledges, and dhcp be

>> > accomplished with security settings within winxp and a router? Would I be

>> > sacrificing anything doing this within a workgroup or would it be better

>> > to

>> > setup a domain in a server setting?

>>

>> You could use a server if you wanted to. But that depends on your knowledge

>> of Active Directory and DNS. There's much to know and understand how it

>> works. Too complex for a home owner who doesn't work with it day to day or

>> has no experience with it. There's also the cost associated with it, such as

>> buying a machine suitable to run a DC, and you could use a highend desktop

>> if you wanted, and of course the price of Windows Server 2003 or 2008.

>>

>> A router's DHCP does not offer any security. Of course it depends on the

>> router, but all in all, it's nothing like what a server has to offer.

>>

>> So in summary, no you don't really need one if security is the only factor

>> involved. You can use antivirus, Windows Defender, Windows Firewall, as well

>> as installing an additional antispyware on all machines and you should be

>> ok.

>>

>> --

>> Regards,

>> Ace

>>

>> This posting is provided "AS-IS" with no warranties or guarantees and

>> confers no rights.

>>

>> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,

>> MVP Microsoft MVP - Directory Services

>> Microsoft Certified Trainer

>>

>> For urgent issues, you may want to contact Microsoft PSS directly. Please

>> check http://support.microsoft.com for regional support phone numbers.

>>

>> Infinite Diversities in Infinite Combinations

>>

Guest Ace Fekay [MVP Direcrtory Services]

Guest Ace Fekay [MVP Direcrtory Services]

Posted
Posted

Re: do I need win2k server

 

 

"Bruce Sanderson" <bsanders@newsgroups.nospam> wrote in message

news:u0IaFE$%23IHA.2056@TK2MSFTNGP05.phx.gbl...

> As Ace Fekay said, you don't "need" a server or a domain for your home

> environment. Having a server or a Windows domain does not in and of

> itself increase the overall security of your home computers - depends on

> what you are attempting to accomplish (e.g. security re internal threats

> or security re external threats).

>

> Your router most likely implements Network Address Translation (NAT),

> which will prevent many types of direct network attacks. More of a

> concern is web and email based attacks which require a user to visit a web

> page, download a file or open an email attachment. Whether or not there

> is a domain or server in the picture won't help much with those -

> antivirus and other malware detection/prevention tools and user education

> are needed to deal with them.

>

> However, if you're up to the challenge and want to spend the money on a

> Windows Server license, there are definitly some advantages. I've been

> running an Active Directory domain at home for some years now and it has

> proven useful:

>

> 1. centralized user account administration

> 2. GPOs to do things like pushing groups into local groups using

> Restricted Groups, configuring screen saver, pushing network printer

> connections, configuring Windows Update, configuring the Windows firewall

> 3. using WSUS 3 to manage updates (saves having to download the updates

> over the relatively slow Internet connection seperatly for each computer,

> distributes updates automatically to clients)

> 4. using DFS (I keep most of my data on disks in the server)

>

> Windows Server with Active Directory, DFS and WSUS doesn't need much

> procesing capacity for a small environment. I ran these for several years

> on a PIII 1 G Hz with 768 MB RAM under Windows 2003 and later, Windows

> 2008. It was a bit slow for interactive work (e.g. interacting with the

> WSUS user interface) but was perfectly adequate. On the other hand,

> computer hardware is getting to be quite cheap these days - a new computer

> with a quad core processor with 8 GB of RAM costs less than what I paid

> for the PIII etc. several years ago!

>

> If you decide to use WSUS, be aware that the update data store will be in

> the order of 20GB or more (depending on what products etc. you decide to

> support). The first "synchronization" will download a lot of stuff

> (gigabytes!), so it might take many hours.

>

> The DHCP service in the router is a bit primitive, but again is adequate.

> I don't run DHCP on the server.

>

> You might find the two documents near the bottom of the page at

> http://members.shaw.ca/bsanders/WindowsGeneralWeb/DomainAndActiveDirectory.htm

> interesting.

> --

> Bruce Sanderson

 

 

Excellent post and I agree with all of it! One thing to add, secure updates

into DNS (with AD integrated zones) and forcing DHCP to update for clients

in an AD infrastructure, that a router doesn't support. Also DNS zone

scavenging and configuring DHCP to update current records with a client's

new IP.

 

Ace

Guest tuuf

Guest tuuf

Posted
Posted

Re: do I need win2k server

 

thank you very much. Rarely do I get such a detailed informative response

like that..... much appreciated. I also found your website link very useful

as well.

 

 

mike

 

"Bruce Sanderson" wrote:

> As Ace Fekay said, you don't "need" a server or a domain for your home environment. Having a server

> or a Windows domain does not in and of itself increase the overall security of your home computers -

> depends on what you are attempting to accomplish (e.g. security re internal threats or security re

> external threats).

>

> Your router most likely implements Network Address Translation (NAT), which will prevent many types

> of direct network attacks. More of a concern is web and email based attacks which require a user to

> visit a web page, download a file or open an email attachment. Whether or not there is a domain or

> server in the picture won't help much with those - antivirus and other malware detection/prevention

> tools and user education are needed to deal with them.

>

> However, if you're up to the challenge and want to spend the money on a Windows Server license,

> there are definitly some advantages. I've been running an Active Directory domain at home for some

> years now and it has proven useful:

>

> 1. centralized user account administration

> 2. GPOs to do things like pushing groups into local groups using Restricted Groups, configuring

> screen saver, pushing network printer connections, configuring Windows Update, configuring the

> Windows firewall

> 3. using WSUS 3 to manage updates (saves having to download the updates over the relatively slow

> Internet connection seperatly for each computer, distributes updates automatically to clients)

> 4. using DFS (I keep most of my data on disks in the server)

>

> Windows Server with Active Directory, DFS and WSUS doesn't need much procesing capacity for a small

> environment. I ran these for several years on a PIII 1 G Hz with 768 MB RAM under Windows 2003 and

> later, Windows 2008. It was a bit slow for interactive work (e.g. interacting with the WSUS user

> interface) but was perfectly adequate. On the other hand, computer hardware is getting to be quite

> cheap these days - a new computer with a quad core processor with 8 GB of RAM costs less than what I

> paid for the PIII etc. several years ago!

>

> If you decide to use WSUS, be aware that the update data store will be in the order of 20GB or more

> (depending on what products etc. you decide to support). The first "synchronization" will download

> a lot of stuff (gigabytes!), so it might take many hours.

>

> The DHCP service in the router is a bit primitive, but again is adequate. I don't run DHCP on the

> server.

>

> You might find the two documents near the bottom of the page at

> http://members.shaw.ca/bsanders/WindowsGeneralWeb/DomainAndActiveDirectory.htm interesting.

> --

> Bruce Sanderson

> http://members.shaw.ca/bsanders/

> It's perfectly useless to know the right answer to the wrong question.

>

>

> "tuuf" <tuuf@discussions.microsoft.com> wrote in message

> news:0636A4B4-36D7-4435-87A0-3253A5E4652E@microsoft.com...

> >I do have basic knowledge with AD, DNS, and DHCP on win2k server.

> > When you say windows server provides much better security than a router

> > could you explain further (or point me to some articles I can read).

> > Remember, I would be using windows 2000 server and winxp as workstations.

> > If I do setup a server and only setup the workstations in a workgroup......

> > does this

> > negate the security benefits. Is it best to join a domain?

> >

> > thanks,

> > mike

> >

> > "Ace Fekay [MVP Direcrtory Services]" wrote:

> >

> >>

> >> "tuuf" <tuuf@discussions.microsoft.com> wrote in message

> >> news:A0D3EC91-77CC-43FB-B4A4-A20A343BB4A8@microsoft.com...

> >> > In a home setting with 5 computers running winxp would there be any need

> >> > to

> >> > run a server environment ? Can user rights, priviledges, and dhcp be

> >> > accomplished with security settings within winxp and a router? Would I be

> >> > sacrificing anything doing this within a workgroup or would it be better

> >> > to

> >> > setup a domain in a server setting?

> >>

> >> You could use a server if you wanted to. But that depends on your knowledge

> >> of Active Directory and DNS. There's much to know and understand how it

> >> works. Too complex for a home owner who doesn't work with it day to day or

> >> has no experience with it. There's also the cost associated with it, such as

> >> buying a machine suitable to run a DC, and you could use a highend desktop

> >> if you wanted, and of course the price of Windows Server 2003 or 2008.

> >>

> >> A router's DHCP does not offer any security. Of course it depends on the

> >> router, but all in all, it's nothing like what a server has to offer.

> >>

> >> So in summary, no you don't really need one if security is the only factor

> >> involved. You can use antivirus, Windows Defender, Windows Firewall, as well

> >> as installing an additional antispyware on all machines and you should be

> >> ok.

> >>

> >> --

> >> Regards,

> >> Ace

> >>

> >> This posting is provided "AS-IS" with no warranties or guarantees and

> >> confers no rights.

> >>

> >> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,

> >> MVP Microsoft MVP - Directory Services

> >> Microsoft Certified Trainer

> >>

> >> For urgent issues, you may want to contact Microsoft PSS directly. Please

> >> check http://support.microsoft.com for regional support phone numbers.

> >>

> >> Infinite Diversities in Infinite Combinations

> >>

>

>

 Share
Go to topic listing
×
×
  • Create New...