I visit a lot of small business offices with Windows machines where they have a Windows Server but are not using Active Directory. Instead they tend to use local profiles to log into their local machines (I am using ‘local’ here to mean a desktop or laptop the user is sitting in front of). In my opinion this is a bad idea because of many reasons including, but not limited to:
- Hardware failure: If their machine breaks down they are likely to Loose data and productivity whilst a new one is supplied.
- User permissions:
- It is important to restrict users' ability to carry out system alterations e.g. installing programs (which might contain viruses or spyware).
- Access permissions must be individually set on each machine, rather than centrally organised.
- File shares: most offices use some kind of centralised server based file share, but unless they are setup centrally they can be mapped incorrectly e.g. when updating who has access to which drive or adding a new server.
- Windows Updates can be centralised (using Windows Update Services), reducing the risk of spyware or virus intrusion.
- Software installation: Group policies can be configured to ensure particular software is installed e.g. virus protection with Microsoft Security Essentials.
If you have Windows Server then you can activate Active Directory without any additional license cost, although I would recommend you employ a professional to actually carry out the installation as it isn’t entirely straight forward.
See my related posts on: User Setup; Folder Redirection; Moving Offline Files; Windows Update Services; Microsoft Security Essentials
No comments:
Post a Comment