Re: Active Directory/HIPAA Question


From: adfreak (rtivnan_at_comcast.net)
Date: 03/04/04


Date: Thu, 4 Mar 2004 16:09:13 -0500

Yes. I went in and did a 3-week assessment:

12 NT 4.0 domains dispersed geographically with users/computers in each one
1 of those NT domains has two-way trusts to all other 11 (makes up the hub/spoke topology)
24,000 total employees, but only 9,500 user accounts (gives you an idea of how non-compliant they are, sharing usernames/passwords)
Pure NT 4.0 domains. Ironically, 70 out of the 85 Wintel servers are running W2K Server. The only ones still running NT 4.0 Server are literally the domain controllers, so they're in good shape there. The hardware resources are fine (dual Xeons, 2 GB RAM, 5x72 GB PowerEdges).

They simply don't care much about the remote sites since they are simply clinics with nurses in there running a mix of Win98/W2K Pro/XP, some in the domain and some in a workgroup.
"Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in message
news:u0jlhliAEHA.3352@TK2MSFTNGP09.phx.gbl...
> Is your current domain NT4?
>
> --
> Scott Harding
> MCSE, MCSA, A+, Network+
> Microsoft MVP - Windows NT Server
>
> "adfreak" <rtivnan@comcast.net> wrote in message
> news:eT7GbciAEHA.2308@tk2msftngp13.phx.gbl...
> > Thanks.
> >
> > I'm probably correct in my assumption that ADAM will not support home-grown applications?
> >
> > Appreciate your help
> > "Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in message
> > news:uSGf8UiAEHA.808@TK2MSFTNGP12.phx.gbl...
> > > Here's some more info...
> > >
> > > http://www.microsoft.com/windowsserver2003/techinfo/overview/adam.mspx
> > >
> > > download.....
> > >
> > > http://www.microsoft.com/downloads/details.aspx?FamilyId=9688F8B9-1034-4EF6-A3E5-2A2A57B5C8E4&displaylang=en
> > >
> > > MIIS info...
> > >
> > > http://www.microsoft.com/windowsserver2003/technologies/directory/miis/default.mspx
> > > --
> > > Scott Harding
> > > MCSE, MCSA, A+, Network+
> > > Microsoft MVP - Windows NT Server
> > >
> > > "adfreak" <rtivnan@comcast.net> wrote in message
> > > news:O2PaZPhAEHA.3456@TK2MSFTNGP09.phx.gbl...
> > > > First things first. I've been in the industry 10 years strictly doing Microsoft work. I'm an MCSE on all three platforms (NT, W2K and Windows 2003) and am very familiar with the differences between a domain and a workgroup. I guess you didn't read my statement closely enough. The client is saying that since every one of those 800+ remote sites does not require security principals accessing resources in the domain, then why bother putting them in the domain? They won't need to push out group policies, etc...
> > > >
> > > > They're more concerned with the servers in the central site hosting the data for their medical applications (which require application usernames/passwords). They want to know why they should fork up $500K+ to roll out AD when their top priority this year is securing the applications for HIPAA compliancy. I simply wrote asking if MIIS and/or ADAM (both newly introduced recently) could help them out?
> > > >
> > > > Why isn't this the place to get "into this kind of discussion"?? I thought this was a newsgroup where fellow engineers learn off one another, not blast each other...
> > > >
> > > > "Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in message
> > > > news:e4fSuEhAEHA.3024@TK2MSFTNGP10.phx.gbl...
> > > > > If you are helping them design this you should know the reasons for a domain over a workgroup. This really scares me that a company this big doesn't have the IT staff to support it. Especially when they are trying to be HIPAA compliant! Security is one of the biggest reasons. Single sign-on is also one, but not nearly as important as the security advantages. A domain creates secure channels between the clients and the network where a workgroup doesn't. You can require password changes and use group policy to lock everything down. Simply adding a firewall and letting your users decide how and when to change their passwords, and managing any of that with a workgroup, is just impossible. ESPECIALLY if you have 800 remote offices. Sounds like you need a local security consultant to help out. There are more reasons than quoted here and this really isn't the place to get into this sort of discussion. More guys will probably chime in and give their thoughts, but getting some qualified and certified people on this decision is really what is needed so they can know and understand a lot more than you can tell us here and make the proper recommendations.
> > > > >
> > > > > --
> > > > > Scott Harding
> > > > > MCSE, MCSA, A+, Network+
> > > > > Microsoft MVP - Windows NT Server
> > > > >
> > > > > "adfreak" <rtivnan@comcast.net> wrote in message
> > > > > news:O7Ndd1gAEHA.3944@TK2MSFTNGP11.phx.gbl...
> > > > > > I have a potential client who is mulling whether or not to invest a ton of cash in upgrading to W2K3/AD. They are a company in the Medical Care industry who has one central location and up to 800 remote branch offices. These branch offices have a mix of Win98/W2K Pro/XP desktops. There is a project in place for upgrading everyone to XP. These users at the remote offices simply utilize the PCs to access client/server apps back home at the central location (i.e. SAP, Lotus Notes). They have no need for things such as Office, Visio, etc... Along with the previously mentioned applications are home-grown, patient demographic applications they access. Presently, these remote sites share usernames/passwords, and some usernames do not require passwords. It's very messy.
> > > > > >
> > > > > > The client wants to know why they should go to AD when they can simply throw up a firewall to protect the servers which are hosting (SAP, Oracle, Notes, patient application, etc.) and simply let these remote PCs sit in a workgroup????
> > > > > >
> > > > > > My thoughts are MIIS for single sign-on? And what does this new ADAM (AD Application Mode) do for companies? The most important thing for them is HIPAA compliancy and they want to know how rolling out AD can make them more secure? Exact examples?
> > > > > >
> > > > > > Any insight would be appreciated.
> > > > > >
> > > > >
> > > >
> > >
> >
>
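The thread above argues that a domain, unlike a workgroup, lets you enforce password changes and lock accounts down centrally, and the original post describes accounts that share passwords or need none at all. The following PowerShell audit is an added example, not part of the thread and not Microsoft tooling: it reads the domain-wide password policy from the domain naming context and then lists every enabled account carrying the PASSWD_NOTREQD or DONT_EXPIRE_PASSWD flag, which are exactly the accounts that opt out of whatever policy is set. It uses System.DirectoryServices over plain LDAP, so it runs against Windows 2000/2003 domain controllers without the later AD cmdlets. Assumptions: it runs on a domain-joined machine as a user who can read the directory, and the thresholds (8 characters, 90 days, 12 remembered passwords, lockout after 5 attempts) are illustrative choices, not HIPAA requirements. There is no equivalent check for a workgroup, because there is no central account database to query.

```powershell
# Added example, not from the thread: audit the domain password policy and
# list enabled accounts that are exempt from it. Works over LDAP against
# Windows 2000/2003+ DCs. Run on a domain-joined machine as a directory reader.

# Illustrative thresholds (assumptions for this example, not a standard).
$MinLength  = 8
$MaxAgeDays = 90
$MinHistory = 12
$MaxLockout = 5

# userAccountControl bit flags (Windows SDK values).
$UF_ACCOUNTDISABLE     = 0x0002
$UF_PASSWD_NOTREQD     = 0x0020
$UF_DONT_EXPIRE_PASSWD = 0x10000
# LDAP extensible-match rule for a bitwise AND on integer attributes.
$LDAP_MATCHING_RULE_BIT_AND = '1.2.840.113556.1.4.803'

function Get-DomainPasswordPolicy {
    $rootDse = [ADSI]'LDAP://RootDSE'
    $domain  = [ADSI]"LDAP://$($rootDse.defaultNamingContext)"

    # maxPwdAge is an IADsLargeInteger: a negative count of 100-ns ticks.
    # Int64.MinValue means passwords never expire.
    $ticks  = $domain.ConvertLargeIntegerToInt64($domain.maxPwdAge.Value)
    $maxAge = if ($ticks -eq [Int64]::MinValue) { $null } else { [TimeSpan]::FromTicks(-$ticks) }

    [pscustomobject]@{
        Domain           = $domain.distinguishedName.Value
        MinPwdLength     = [int]$domain.minPwdLength.Value
        PwdHistoryLength = [int]$domain.pwdHistoryLength.Value
        MaxPwdAgeDays    = if ($maxAge) { [int]$maxAge.TotalDays } else { $null }  # $null = never
        LockoutThreshold = [int]$domain.lockoutThreshold.Value                      # 0 = no lockout
        Complexity       = (([int]$domain.pwdProperties.Value) -band 1) -eq 1       # DOMAIN_PASSWORD_COMPLEX
    }
}

function Test-DomainPasswordPolicy {
    param([Parameter(Mandatory)]$Policy)
    $findings = @()
    if ($Policy.MinPwdLength -lt $MinLength) {
        $findings += "minPwdLength $($Policy.MinPwdLength) is below $MinLength" }
    if ($null -eq $Policy.MaxPwdAgeDays -or $Policy.MaxPwdAgeDays -gt $MaxAgeDays) {
        $findings += "maxPwdAge is $(if ($null -eq $Policy.MaxPwdAgeDays) {'never'} else {$Policy.MaxPwdAgeDays}) (limit $MaxAgeDays days)" }
    if ($Policy.PwdHistoryLength -lt $MinHistory) {
        $findings += "pwdHistoryLength $($Policy.PwdHistoryLength) is below $MinHistory" }
    if ($Policy.LockoutThreshold -eq 0 -or $Policy.LockoutThreshold -gt $MaxLockout) {
        $findings += "lockoutThreshold $($Policy.LockoutThreshold) (0 means no lockout; limit $MaxLockout)" }
    if (-not $Policy.Complexity) { $findings += 'password complexity is not enforced' }
    return $findings
}

function Get-PolicyExemptAccounts {
    # Enabled user objects with PASSWD_NOTREQD or DONT_EXPIRE_PASSWD set. The
    # bit-AND rule makes the DC evaluate the flags instead of us pulling every user.
    $filter = "(&(objectCategory=person)(objectClass=user)" +
              "(!(userAccountControl:${LDAP_MATCHING_RULE_BIT_AND}:=$UF_ACCOUNTDISABLE))" +
              "(|(userAccountControl:${LDAP_MATCHING_RULE_BIT_AND}:=$UF_PASSWD_NOTREQD)" +
                "(userAccountControl:${LDAP_MATCHING_RULE_BIT_AND}:=$UF_DONT_EXPIRE_PASSWD)))"

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter   = $filter
    $searcher.PageSize = 1000   # paged results; a 9,500-account domain exceeds the 1,000-row default cap
    $searcher.PropertiesToLoad.AddRange([string[]]@('sAMAccountName','userAccountControl','pwdLastSet','distinguishedName'))

    foreach ($r in $searcher.FindAll()) {
        $uac = [int]$r.Properties['useraccountcontrol'][0]
        $pls = [long]$r.Properties['pwdlastset'][0]   # 0 = must change at next logon
        [pscustomobject]@{
            Account         = $r.Properties['samaccountname'][0]
            PasswordNotReqd = ($uac -band $UF_PASSWD_NOTREQD) -ne 0   # blank password allowed
            NeverExpires    = ($uac -band $UF_DONT_EXPIRE_PASSWD) -ne 0
            PwdLastSet      = if ($pls -eq 0) { 'never' } else { [DateTime]::FromFileTime($pls) }
            DN              = $r.Properties['distinguishedname'][0]
        }
    }
}

$policy = Get-DomainPasswordPolicy
$policy | Format-List
$issues = Test-DomainPasswordPolicy -Policy $policy
if ($issues) { Write-Warning ("Weak domain policy: " + ($issues -join '; ')) }

Get-PolicyExemptAccounts | Sort-Object Account | Format-Table -AutoSize
```

Accounts that appear in the second list sidestep the domain policy no matter how strict it is, so they are the first thing to clear before the policy numbers mean anything. Shared use of one username by many people, the other problem described in the thread, is not visible in account attributes at all; it shows up only in logon event logs as one account authenticating from many workstations, which is a separate audit.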


