Re: do I need win2k server




"Bruce Sanderson" <bsanders@xxxxxxxxxxxxxxxxx> wrote in message news:u0IaFE$%23IHA.2056@xxxxxxxxxxxxxxxxxxxxxxx
As Ace Fekay said, you don't "need" a server or a domain for your home environment. Having a server or a Windows domain does not in and of itself increase the overall security of your home computers - depends on what you are attempting to accomplish (e.g. security re internal threats or security re external threats).

Your router most likely implements Network Address Translation (NAT), which will prevent many types of direct network attacks. More of a concern is web and email based attacks which require a user to visit a web page, download a file or open an email attachment. Whether or not there is a domain or server in the picture won't help much with those - antivirus and other malware detection/prevention tools and user education are needed to deal with them.

However, if you're up to the challenge and want to spend the money on a Windows Server license, there are definitely some advantages. I've been running an Active Directory domain at home for some years now and it has proven useful:

1. centralized user account administration
2. GPOs to do things like pushing groups into local groups using Restricted Groups, configuring screen saver, pushing network printer connections, configuring Windows Update, configuring the Windows firewall
3. using WSUS 3 to manage updates (saves having to download the updates over the relatively slow Internet connection separately for each computer, distributes updates automatically to clients)
4. using DFS (I keep most of my data on disks in the server)

Windows Server with Active Directory, DFS and WSUS doesn't need much processing capacity for a small environment. I ran these for several years on a PIII 1 GHz with 768 MB RAM under Windows 2003 and later, Windows 2008. It was a bit slow for interactive work (e.g. interacting with the WSUS user interface) but was perfectly adequate. On the other hand, computer hardware is getting to be quite cheap these days - a new computer with a quad core processor with 8 GB of RAM costs less than what I paid for the PIII etc. several years ago!

If you decide to use WSUS, be aware that the update data store will be in the order of 20GB or more (depending on what products etc. you decide to support). The first "synchronization" will download a lot of stuff (gigabytes!), so it might take many hours.

The DHCP service in the router is a bit primitive, but again is adequate. I don't run DHCP on the server.

You might find the two documents near the bottom of the page at http://members.shaw.ca/bsanders/WindowsGeneralWeb/DomainAndActiveDirectory.htm interesting.
--
Bruce Sanderson


Excellent post and I agree with all of it! One thing to add, secure updates into DNS (with AD integrated zones) and forcing DHCP to update for clients in an AD infrastructure, that a router doesn't support. Also DNS zone scavenging and configuring DHCP to update current records with a client's new IP.

Ace
