do I need win2k server

  • Thread starter Thread starter tuuf
  • Start date Start date
T

tuuf

Guest
In a home setting with 5 computers running winxp would there be any need to
run a server environment ? Can user rights, priviledges, and dhcp be
accomplished with security settings within winxp and a router? Would I be
sacrificing anything doing this within a workgroup or would it be better to
setup a domain in a server setting?
 
Re: do I need win2k server


"tuuf" <tuuf@discussions.microsoft.com> wrote in message
news:A0D3EC91-77CC-43FB-B4A4-A20A343BB4A8@microsoft.com...
> In a home setting with 5 computers running winxp would there be any need
> to
> run a server environment ? Can user rights, priviledges, and dhcp be
> accomplished with security settings within winxp and a router? Would I be
> sacrificing anything doing this within a workgroup or would it be better
> to
> setup a domain in a server setting?

You could use a server if you wanted to. But that depends on your knowledge
of Active Directory and DNS. There's much to know and understand how it
works. Too complex for a home owner who doesn't work with it day to day or
has no experience with it. There's also the cost associated with it, such as
buying a machine suitable to run a DC, and you could use a highend desktop
if you wanted, and of course the price of Windows Server 2003 or 2008.

A router's DHCP does not offer any security. Of course it depends on the
router, but all in all, it's nothing like what a server has to offer.

So in summary, no you don't really need one if security is the only factor
involved. You can use antivirus, Windows Defender, Windows Firewall, as well
as installing an additional antispyware on all machines and you should be
ok.

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations
 
Re: do I need win2k server

I do have basic knowledge with AD, DNS, and DHCP on win2k server.
When you say windows server provides much better security than a router
could you explain further (or point me to some articles I can read).
Remember, I would be using windows 2000 server and winxp as workstations.
If I do setup a server and only setup the workstations in a workgroup......
does this
negate the security benefits. Is it best to join a domain?

thanks,
mike

"Ace Fekay [MVP Direcrtory Services]" wrote:

>
> "tuuf" <tuuf@discussions.microsoft.com> wrote in message
> news:A0D3EC91-77CC-43FB-B4A4-A20A343BB4A8@microsoft.com...
> > In a home setting with 5 computers running winxp would there be any need
> > to
> > run a server environment ? Can user rights, priviledges, and dhcp be
> > accomplished with security settings within winxp and a router? Would I be
> > sacrificing anything doing this within a workgroup or would it be better
> > to
> > setup a domain in a server setting?
>
> You could use a server if you wanted to. But that depends on your knowledge
> of Active Directory and DNS. There's much to know and understand how it
> works. Too complex for a home owner who doesn't work with it day to day or
> has no experience with it. There's also the cost associated with it, such as
> buying a machine suitable to run a DC, and you could use a highend desktop
> if you wanted, and of course the price of Windows Server 2003 or 2008.
>
> A router's DHCP does not offer any security. Of course it depends on the
> router, but all in all, it's nothing like what a server has to offer.
>
> So in summary, no you don't really need one if security is the only factor
> involved. You can use antivirus, Windows Defender, Windows Firewall, as well
> as installing an additional antispyware on all machines and you should be
> ok.
>
> --
> Regards,
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
> MVP Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Infinite Diversities in Infinite Combinations
>
 
Re: do I need win2k server

As Ace Fekay said, you don't "need" a server or a domain for your home environment. Having a server
or a Windows domain does not in and of itself increase the overall security of your home computers -
depends on what you are attempting to accomplish (e.g. security re internal threats or security re
external threats).

Your router most likely implements Network Address Translation (NAT), which will prevent many types
of direct network attacks. More of a concern is web and email based attacks which require a user to
visit a web page, download a file or open an email attachment. Whether or not there is a domain or
server in the picture won't help much with those - antivirus and other malware detection/prevention
tools and user education are needed to deal with them.

However, if you're up to the challenge and want to spend the money on a Windows Server license,
there are definitly some advantages. I've been running an Active Directory domain at home for some
years now and it has proven useful:

1. centralized user account administration
2. GPOs to do things like pushing groups into local groups using Restricted Groups, configuring
screen saver, pushing network printer connections, configuring Windows Update, configuring the
Windows firewall
3. using WSUS 3 to manage updates (saves having to download the updates over the relatively slow
Internet connection seperatly for each computer, distributes updates automatically to clients)
4. using DFS (I keep most of my data on disks in the server)

Windows Server with Active Directory, DFS and WSUS doesn't need much procesing capacity for a small
environment. I ran these for several years on a PIII 1 G Hz with 768 MB RAM under Windows 2003 and
later, Windows 2008. It was a bit slow for interactive work (e.g. interacting with the WSUS user
interface) but was perfectly adequate. On the other hand, computer hardware is getting to be quite
cheap these days - a new computer with a quad core processor with 8 GB of RAM costs less than what I
paid for the PIII etc. several years ago!

If you decide to use WSUS, be aware that the update data store will be in the order of 20GB or more
(depending on what products etc. you decide to support). The first "synchronization" will download
a lot of stuff (gigabytes!), so it might take many hours.

The DHCP service in the router is a bit primitive, but again is adequate. I don't run DHCP on the
server.

You might find the two documents near the bottom of the page at
http://members.shaw.ca/bsanders/WindowsGeneralWeb/DomainAndActiveDirectory.htm interesting.
--
Bruce Sanderson
http://members.shaw.ca/bsanders/
It's perfectly useless to know the right answer to the wrong question.


"tuuf" <tuuf@discussions.microsoft.com> wrote in message
news:0636A4B4-36D7-4435-87A0-3253A5E4652E@microsoft.com...
>I do have basic knowledge with AD, DNS, and DHCP on win2k server.
> When you say windows server provides much better security than a router
> could you explain further (or point me to some articles I can read).
> Remember, I would be using windows 2000 server and winxp as workstations.
> If I do setup a server and only setup the workstations in a workgroup......
> does this
> negate the security benefits. Is it best to join a domain?
>
> thanks,
> mike
>
> "Ace Fekay [MVP Direcrtory Services]" wrote:
>
>>
>> "tuuf" <tuuf@discussions.microsoft.com> wrote in message
>> news:A0D3EC91-77CC-43FB-B4A4-A20A343BB4A8@microsoft.com...
>> > In a home setting with 5 computers running winxp would there be any need
>> > to
>> > run a server environment ? Can user rights, priviledges, and dhcp be
>> > accomplished with security settings within winxp and a router? Would I be
>> > sacrificing anything doing this within a workgroup or would it be better
>> > to
>> > setup a domain in a server setting?
>>
>> You could use a server if you wanted to. But that depends on your knowledge
>> of Active Directory and DNS. There's much to know and understand how it
>> works. Too complex for a home owner who doesn't work with it day to day or
>> has no experience with it. There's also the cost associated with it, such as
>> buying a machine suitable to run a DC, and you could use a highend desktop
>> if you wanted, and of course the price of Windows Server 2003 or 2008.
>>
>> A router's DHCP does not offer any security. Of course it depends on the
>> router, but all in all, it's nothing like what a server has to offer.
>>
>> So in summary, no you don't really need one if security is the only factor
>> involved. You can use antivirus, Windows Defender, Windows Firewall, as well
>> as installing an additional antispyware on all machines and you should be
>> ok.
>>
>> --
>> Regards,
>> Ace
>>
>> This posting is provided "AS-IS" with no warranties or guarantees and
>> confers no rights.
>>
>> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
>> MVP Microsoft MVP - Directory Services
>> Microsoft Certified Trainer
>>
>> For urgent issues, you may want to contact Microsoft PSS directly. Please
>> check http://support.microsoft.com for regional support phone numbers.
>>
>> Infinite Diversities in Infinite Combinations
>>
 
Re: do I need win2k server


"Bruce Sanderson" <bsanders@newsgroups.nospam> wrote in message
news:u0IaFE$%23IHA.2056@TK2MSFTNGP05.phx.gbl...
> As Ace Fekay said, you don't "need" a server or a domain for your home
> environment. Having a server or a Windows domain does not in and of
> itself increase the overall security of your home computers - depends on
> what you are attempting to accomplish (e.g. security re internal threats
> or security re external threats).
>
> Your router most likely implements Network Address Translation (NAT),
> which will prevent many types of direct network attacks. More of a
> concern is web and email based attacks which require a user to visit a web
> page, download a file or open an email attachment. Whether or not there
> is a domain or server in the picture won't help much with those -
> antivirus and other malware detection/prevention tools and user education
> are needed to deal with them.
>
> However, if you're up to the challenge and want to spend the money on a
> Windows Server license, there are definitly some advantages. I've been
> running an Active Directory domain at home for some years now and it has
> proven useful:
>
> 1. centralized user account administration
> 2. GPOs to do things like pushing groups into local groups using
> Restricted Groups, configuring screen saver, pushing network printer
> connections, configuring Windows Update, configuring the Windows firewall
> 3. using WSUS 3 to manage updates (saves having to download the updates
> over the relatively slow Internet connection seperatly for each computer,
> distributes updates automatically to clients)
> 4. using DFS (I keep most of my data on disks in the server)
>
> Windows Server with Active Directory, DFS and WSUS doesn't need much
> procesing capacity for a small environment. I ran these for several years
> on a PIII 1 G Hz with 768 MB RAM under Windows 2003 and later, Windows
> 2008. It was a bit slow for interactive work (e.g. interacting with the
> WSUS user interface) but was perfectly adequate. On the other hand,
> computer hardware is getting to be quite cheap these days - a new computer
> with a quad core processor with 8 GB of RAM costs less than what I paid
> for the PIII etc. several years ago!
>
> If you decide to use WSUS, be aware that the update data store will be in
> the order of 20GB or more (depending on what products etc. you decide to
> support). The first "synchronization" will download a lot of stuff
> (gigabytes!), so it might take many hours.
>
> The DHCP service in the router is a bit primitive, but again is adequate.
> I don't run DHCP on the server.
>
> You might find the two documents near the bottom of the page at
> http://members.shaw.ca/bsanders/WindowsGeneralWeb/DomainAndActiveDirectory.htm
> interesting.
> --
> Bruce Sanderson


Excellent post and I agree with all of it! One thing to add, secure updates
into DNS (with AD integrated zones) and forcing DHCP to update for clients
in an AD infrastructure, that a router doesn't support. Also DNS zone
scavenging and configuring DHCP to update current records with a client's
new IP.

Ace
 
Re: do I need win2k server

thank you very much. Rarely do I get such a detailed informative response
like that..... much appreciated. I also found your website link very useful
as well.


mike

"Bruce Sanderson" wrote:

> As Ace Fekay said, you don't "need" a server or a domain for your home environment. Having a server
> or a Windows domain does not in and of itself increase the overall security of your home computers -
> depends on what you are attempting to accomplish (e.g. security re internal threats or security re
> external threats).
>
> Your router most likely implements Network Address Translation (NAT), which will prevent many types
> of direct network attacks. More of a concern is web and email based attacks which require a user to
> visit a web page, download a file or open an email attachment. Whether or not there is a domain or
> server in the picture won't help much with those - antivirus and other malware detection/prevention
> tools and user education are needed to deal with them.
>
> However, if you're up to the challenge and want to spend the money on a Windows Server license,
> there are definitly some advantages. I've been running an Active Directory domain at home for some
> years now and it has proven useful:
>
> 1. centralized user account administration
> 2. GPOs to do things like pushing groups into local groups using Restricted Groups, configuring
> screen saver, pushing network printer connections, configuring Windows Update, configuring the
> Windows firewall
> 3. using WSUS 3 to manage updates (saves having to download the updates over the relatively slow
> Internet connection seperatly for each computer, distributes updates automatically to clients)
> 4. using DFS (I keep most of my data on disks in the server)
>
> Windows Server with Active Directory, DFS and WSUS doesn't need much procesing capacity for a small
> environment. I ran these for several years on a PIII 1 G Hz with 768 MB RAM under Windows 2003 and
> later, Windows 2008. It was a bit slow for interactive work (e.g. interacting with the WSUS user
> interface) but was perfectly adequate. On the other hand, computer hardware is getting to be quite
> cheap these days - a new computer with a quad core processor with 8 GB of RAM costs less than what I
> paid for the PIII etc. several years ago!
>
> If you decide to use WSUS, be aware that the update data store will be in the order of 20GB or more
> (depending on what products etc. you decide to support). The first "synchronization" will download
> a lot of stuff (gigabytes!), so it might take many hours.
>
> The DHCP service in the router is a bit primitive, but again is adequate. I don't run DHCP on the
> server.
>
> You might find the two documents near the bottom of the page at
> http://members.shaw.ca/bsanders/WindowsGeneralWeb/DomainAndActiveDirectory.htm interesting.
> --
> Bruce Sanderson
> http://members.shaw.ca/bsanders/
> It's perfectly useless to know the right answer to the wrong question.
>
>
> "tuuf" <tuuf@discussions.microsoft.com> wrote in message
> news:0636A4B4-36D7-4435-87A0-3253A5E4652E@microsoft.com...
> >I do have basic knowledge with AD, DNS, and DHCP on win2k server.
> > When you say windows server provides much better security than a router
> > could you explain further (or point me to some articles I can read).
> > Remember, I would be using windows 2000 server and winxp as workstations.
> > If I do setup a server and only setup the workstations in a workgroup......
> > does this
> > negate the security benefits. Is it best to join a domain?
> >
> > thanks,
> > mike
> >
> > "Ace Fekay [MVP Direcrtory Services]" wrote:
> >
> >>
> >> "tuuf" <tuuf@discussions.microsoft.com> wrote in message
> >> news:A0D3EC91-77CC-43FB-B4A4-A20A343BB4A8@microsoft.com...
> >> > In a home setting with 5 computers running winxp would there be any need
> >> > to
> >> > run a server environment ? Can user rights, priviledges, and dhcp be
> >> > accomplished with security settings within winxp and a router? Would I be
> >> > sacrificing anything doing this within a workgroup or would it be better
> >> > to
> >> > setup a domain in a server setting?
> >>
> >> You could use a server if you wanted to. But that depends on your knowledge
> >> of Active Directory and DNS. There's much to know and understand how it
> >> works. Too complex for a home owner who doesn't work with it day to day or
> >> has no experience with it. There's also the cost associated with it, such as
> >> buying a machine suitable to run a DC, and you could use a highend desktop
> >> if you wanted, and of course the price of Windows Server 2003 or 2008.
> >>
> >> A router's DHCP does not offer any security. Of course it depends on the
> >> router, but all in all, it's nothing like what a server has to offer.
> >>
> >> So in summary, no you don't really need one if security is the only factor
> >> involved. You can use antivirus, Windows Defender, Windows Firewall, as well
> >> as installing an additional antispyware on all machines and you should be
> >> ok.
> >>
> >> --
> >> Regards,
> >> Ace
> >>
> >> This posting is provided "AS-IS" with no warranties or guarantees and
> >> confers no rights.
> >>
> >> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
> >> MVP Microsoft MVP - Directory Services
> >> Microsoft Certified Trainer
> >>
> >> For urgent issues, you may want to contact Microsoft PSS directly. Please
> >> check http://support.microsoft.com for regional support phone numbers.
> >>
> >> Infinite Diversities in Infinite Combinations
> >>
>
>
 
Back
Top