Re: Active Directory/HIPAA Question

From: Scott Harding - MS MVP (scrockel_at_**NO_SPAM**hotmail.com)
Date: 03/04/04


Date: Thu, 4 Mar 2004 13:42:44 -0700

Another thought I have is to maybe start at your main site with domain
upgrades etc...so you can lock down all those systems and such and then test
with your clients and see how it works. Basically what I am saying is that
maybe it is a stepping process where you don't necessarily include or
upgrade your remote sites to a domain or into your domain as you test and
see how things work and how secure they are. I don't think there is going to
be a blanket, one answer for all, for this situation. I'm sure some of the
other guys will chime in with some thoughts? Fellas?

-- 
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
"adfreak" <rtivnan@comcast.net> wrote in message
news:eT7GbciAEHA.2308@tk2msftngp13.phx.gbl...
> Thanks.
>
> I'm probably correct in my assumption that ADAM will not support home grown
> applications?
>
> Appreciate your help
> "Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in message
> news:uSGf8UiAEHA.808@TK2MSFTNGP12.phx.gbl...
> > Here's some more info...
> >
> > http://www.microsoft.com/windowsserver2003/techinfo/overview/adam.mspx
> >
> > download.....
> >
> > http://www.microsoft.com/downloads/details.aspx?FamilyId=9688F8B9-1034-4EF6-A3E5-2A2A57B5C8E4&displaylang=en
> >
> > MIIS info...
> >
> > http://www.microsoft.com/windowsserver2003/technologies/directory/miis/default.mspx
> > -- 
> > Scott Harding
> > MCSE, MCSA, A+, Network+
> > Microsoft MVP - Windows NT Server
> >
> > "adfreak" <rtivnan@comcast.net> wrote in message
> > news:O2PaZPhAEHA.3456@TK2MSFTNGP09.phx.gbl...
> > > First things first.  I've been in the industry 10 years strictly doing
> > > Microsoft work.  I'm an MCSE on all three platforms (NT, W2K and Windows
> > > 2003) and am very familiar with the differences between a domain and
> > > workgroup.  I guess you didn't read my statement close enough.  The client
> > > is saying that since every one of those 800 + remote sites does not require
> > > security principals accessing resources in the domain, then why bother
> > > putting them in the domain?  They won't need to push out group
> > > policies, etc...
> > >
> > > They're more concerned with the servers in the central site hosting the data
> > > for their medical applications (which require application
> > > usernames/passwords).  They want to know why they should fork up $500K+ to
> > > roll out AD when their top priority this year is securing the applications
> > > for HIPAA compliancy.  I simply wrote asking if MIIS and or ADAM (both newly
> > > introduced recently) could help them out?
> > >
> > > Why isn't this the place to get "into this kind of discussion"??  I thought
> > > this was a newsgroup where fellow engineers learn off one another, not blast
> > > each other...
> > >
> > >
> > > "Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in message
> > > news:e4fSuEhAEHA.3024@TK2MSFTNGP10.phx.gbl...
> > > > If you are helping them design this you should know the reasons for a domain
> > > > over a workgroup. This really scares me that a company this big doesn't have
> > > > the IT staff to support it. Especially when they are trying to be HIPAA
> > > > compliant! Security is one of the biggest reasons. Single sign-on is also one
> > > > but not nearly as important as the Security advantages. A domain creates
> > > > secure channels between the clients and the network where a workgroup
> > > > doesn't. You can require password changes and group policy to lock
> > > > everything down. Simply adding a firewall and letting your users decide how
> > > > and when to change their passwords and managing any of that with a workgroup
> > > > is just impossible. ESPECIALLY if you have 800 remote offices. Sounds like
> > > > you need a local security consultant to help out. There are more reasons
> > > > than quoted here and this really isn't the place to get into this sort of
> > > > discussion. More guys will probably chime in and give their thoughts but
> > > > getting some qualified and certified people on this decision is really what
> > > > is needed so they can know and understand a lot more than you can tell us
> > > > here and make the proper recommendations.
> > > >
> > > > -- 
> > > > Scott Harding
> > > > MCSE, MCSA, A+, Network+
> > > > Microsoft MVP - Windows NT Server
> > > >
> > > >
> > > > "adfreak" <rtivnan@comcast.net> wrote in message
> > > > news:O7Ndd1gAEHA.3944@TK2MSFTNGP11.phx.gbl...
> > > > > I have a potential client who is mulling whether or not to invest a ton of
> > > > > cash in upgrading to W2K3/AD.  They are a company in the Medical Care
> > > > > industry who has one central location and up to 800 remote branch offices.
> > > > > These branch offices have a mix of Win98/W2K Pro/XP desktops.  There is a
> > > > > project in place for upgrading everyone to XP.  These users at the remote
> > > > > offices simply utilize the pc's to access client/server apps back home at
> > > > > the central location (i.e. SAP, Lotus Notes).  They have no need for things
> > > > > such as Office, Visio, etc...  Along with the previously mentioned
> > > > > applications are home grown, patient demographic applications they access.
> > > > > Presently, these remote sites share usernames/passwords, some usernames do
> > > > > not require passwords.  It's very messy.
> > > > >
> > > > > The client wants to know why they should go to AD when they can simply throw
> > > > > up a Firewall to protect the servers which are hosting (SAP, Oracle, Notes,
> > > > > patient application, etc) and simply let these remote pc's sit in a
> > > > > workgroup????
> > > > >
> > > > > My thoughts are MIIS for Single Sign on?  And, what is this new ADAM (AD
> > > > > Application Mode) do for companies?  The most important thing for them is
> > > > > HIPAA compliancy and they want to know how rolling out AD can make them more
> > > > > secure?  Exact examples?
> > > > >
> > > > > Any insight would be appreciated.
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

