Re: Active Directory/HIPAA Question

From: Scott Harding - MS MVP (scrockel_at_**NO_SPAM**hotmail.com)
Date: 03/04/04


Date: Thu, 4 Mar 2004 13:09:17 -0700

Ok, I misunderstood your post a little AND I was not blasting you at all.
Your post read as if you didn't know the difference between a workgroup and
a domain. So for that I am sorry, and why I sounded like I was blasting your
knowledge. If these remote sites log in with some secure VPN or something to
that effect that should be fine. I was under the impression that these remote
sites were already on the domain. If they have some sort of authentication
to the main site to get into whatever apps they need etc. then the remote
sites may not need to be part of a domain. And the reason for this being a
little inappropriate for this type of discussion is that there is always
more that we need to know and no one wants to write a book to answer
questions and there is typically so much we would need to know to be useful
that a lot of times we may not have the big picture to answer appropriately.
Certainly not saying that we won't try to help. That's what MVPs
do.....help out for free. Let's see what we can find for your specific
questions below...

-- 
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
"adfreak" <rtivnan@comcast.net> wrote in message
news:O2PaZPhAEHA.3456@TK2MSFTNGP09.phx.gbl...
> First things first.  I've been in the industry 10 years strictly doing
> Microsoft work.  I'm an MCSE on all three platforms (NT, W2K and Windows
> 2003) and am very familiar with the differences between a domain and
> workgroup.  I guess you didn't read my statement close enough.  The client
> is saying that since every one of those 800+ remote sites does not require
> security principals accessing resources in the domain, then why bother
> putting them in the domain?  They won't need to push out group
> policies, etc...
>
> They're more concerned with the servers in the central site hosting the data
> for their medical applications (which require application
> usernames/passwords).  They want to know why they should fork up $500K+ to
> roll out AD when their top priority this year is securing the applications
> for HIPAA compliancy.  I simply wrote asking if MIIS and/or ADAM (both newly
> introduced recently) could help them out?
>
> Why isn't this the place to get "into this kind of discussion"??  I thought
> this was a newsgroup where fellow engineers learn off one another, not blast
> each other...
>
>
> "Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in
message
> news:e4fSuEhAEHA.3024@TK2MSFTNGP10.phx.gbl...
> > If you are helping them design this you should know the reasons for a
> > domain over a workgroup. This really scares me that a company this big
> > doesn't have the IT staff to support it. Especially when they are trying
> > to be HIPAA compliant! Security is one of the biggest reasons. Single
> > sign-on is also one but not nearly as important as the Security
> > advantages. A domain creates secure channels between the clients and the
> > network where a workgroup doesn't. You can require password changes and
> > group policy to lock everything down. Simply adding a firewall and letting
> > your users decide how and when to change their passwords and managing any
> > of that with a workgroup is just impossible. ESPECIALLY if you have 800
> > remote offices. Sounds like you need a local security consultant to help
> > out. There are more reasons than quoted here and this really isn't the
> > place to get into this sort of discussion. More guys will probably chime
> > in and give their thoughts but getting some qualified and certified people
> > on this decision is really what is needed so they can know and understand
> > a lot more than you can tell us here and make the proper recommendations.
> >
> > -- 
> > Scott Harding
> > MCSE, MCSA, A+, Network+
> > Microsoft MVP - Windows NT Server
> >
> >
> > "adfreak" <rtivnan@comcast.net> wrote in message
> > news:O7Ndd1gAEHA.3944@TK2MSFTNGP11.phx.gbl...
> > > I have a potential client who is mulling whether or not to invest a
> > > ton of cash in upgrading to W2K3/AD.  They are a company in the Medical
> > > Care industry who has one central location and up to 800 remote branch
> > > offices.  These branch offices have a mix of Win98/W2K Pro/XP desktops.
> > > There is a project in place for upgrading everyone to XP.  These users
> > > at the remote offices simply utilize the PCs to access client/server
> > > apps back home at the central location (i.e. SAP, Lotus Notes).  They
> > > have no need for things such as Office, Visio, etc...  Along with the
> > > previously mentioned applications are home grown, patient demographic
> > > applications they access.  Presently, these remote sites share
> > > usernames/passwords, some usernames do not require passwords.  It's
> > > very messy.
> > >
> > > The client wants to know why they should go to AD when they can simply
> > > throw up a Firewall to protect the servers which are hosting (SAP,
> > > Oracle, Notes, patient application, etc) and simply let these remote
> > > PCs sit in a workgroup????
> > >
> > > My thoughts are MIIS for Single Sign on?  And, what does this new ADAM
> > > (AD Application Mode) do for companies?  The most important thing for
> > > them is HIPAA compliancy and they want to know how rolling out AD can
> > > make them more secure?  Exact examples?
> > >
> > > Any insight would be appreciated.
> > >
> > >
> >
> >
>
>

