Re: "join a domain" or not
- From: Chuck <none@xxxxxxxxxxx>
- Date: 6 Sep 2005 14:18:04 -0500
On 6 Sep 2005 11:35:20 -0700, jmarra@xxxxxxxxx wrote:
>I didn't see any posting protocols, so I apologize if I'm bypassing
>some rules.
>
>I am getting ready to set up a XPPro SP2 laptop with remote access to
>my company's server (Windows Server 2003). I'm not sure of the best
>way to accomplish this, but I do know of 2 options that seem to work
>well. I've tested both successfully, however, since I am a user and
>not an admin, I am not knowledgable enough to evaluate the pros and
>cons of the two approaches. Can someone help me understand the
>trade-offs?
>Opt 1) Leave the laptop as a member of a workgroup. Sign-in to machine
>with a local account. Use a VPN connection to establish connection to
>work.
>Opt 2) Change the laptop to be a member of the company domain. Add the
>domain user to the laptop. Sign in as this user (even when not
>connected directly to company domain). Use a VPN connection to
>establish connection to work.
>
>I've found the following benefits with option 2:
>* My login scripts ran from the server and mapped some drives for me
>(as opposed to initially mapping the drives manually in option 1). Not
>a biggy to me.
>* I could walk into work, plug in an ethernet cable, and be directly
>connected to the domain without using VPN.
>
>Other than the above, no differences have really jumped out at me.
>>>From what I've read, it seems like I could be missing out on some
>group-policy domain stuff, but this is not used much (if at all) by the
>company (for better or worse). It should be noted that this laptop
>will rarely connect directly to the network (almost always in a remote
>location using VPN). This makes the second benefit above kind of
>small.
>
>I'm inclined to stick with option 1 since it seems to remove a layer of
>complexity, and will maybe let me interact with my home network more
>easily (if I ever choose to do that). Any insights? Other options I
>should be exploring? Reasons for going with option 2?
>
>Thanks very much.
The differences between domain and workgroup membership will vary, according to
installation, and to domain (organisational) policy. Since it's a Server 2003
domain, I'd bet there are some domain policies which may be relevant to you,
even if you don't know about them. Also, what resources do you need to access?
Are there local accounts on each server, in addition to domain permissions, to
let you access everything as a workgroup member?
Generally, when AD is implemented, local server accounts are not provided as
granularly as without AD. An AD infrastructure requires a lot of work to
develop and to maintain, and most organisations won't spend time on local access
maintenance, if they have AD.
Have you asked your IT group for recommendations? If they have Server 2003 with
Active Directory setup, I'd bet there are various Group Policies in place which
make the network safer. It's probably to the benefit of your employer (and to
your benefit) to use AD as much as possible.
--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.
.
- Follow-Ups:
- Re: "join a domain" or not
- From: jm
- Re: "join a domain" or not
- References:
- "join a domain" or not
- From: jmarra
- "join a domain" or not
- Prev by Date: Re: Can't browse My Netork Places after XP SP2
- Next by Date: Re: Dialup connection disconnects
- Previous by thread: "join a domain" or not
- Next by thread: Re: "join a domain" or not
- Index(es):
Relevant Pages
|
