Domains and Workgroups

Previous page
Table of content
Next page

  < Day Day Up > 


Microsoft provides for two different networking models in their operating systems: workgroups and domains. Windows Small Business Server supports only the domain model of Microsoft networking, but it’s worthwhile to go over why this decision makes sense, even in a very small business.

Do Workgroups Work?

Microsoft introduced the concept of the workgroup with Microsoft Windows for Workgroups. The workgroup is a logical grouping of several computers whose work or users are connected and who want to share their resources with each other. Usually, all the computers in a workgroup are equal, which is why such setups are referred to as peer-to-peer networks.

Workgroup networks are appealing because they’re easy to set up and maintain. Individual users manage the sharing of their resources by determining what will be shared and who will have access. A user can allow other users to use a printer, a CD-ROM drive, an entire hard drive, or only certain files. The difficulty arises when it’s necessary to give different levels of access to different users. Passwords can be used for this purpose in a limited way, but as the network gets larger, passwords proliferate and the situation becomes increasingly complicated. Users who are required to have numerous passwords start using the same one over and over or choose passwords that are easy to remember and therefore easy to guess, and there is no way to enforce a minimum password quality level. If someone leaves the company to work for your biggest competitor, passwords have to be changed and everyone in the workgroup has to be notified of the new passwords. Security, such as it is, falls apart.

Another problem that occurs when a workgroup becomes too large is that users have difficulty locating the resources they need. The informal nature of workgroups also means that centralized administration or control is nonexistent. Everything has to be configured computer by computer. This lack of central administration and control, along with the limited security, makes the workgroup model a bad choice for all but the home network.

Defining Domains

To provide a secure and easy-to-manage environment that takes full advantage of Active Directory and the collaborative features of Microsoft Exchange 2003 and the other components of Windows Small Business Server, Microsoft made the decision to use a full, domain networking environment. Management is simplified and centralized on the server, reducing the complexity and security problems caused by having to manage users, resources, and passwords across multiple clients.

A domain is really just a type of workgroup that includes a server. It is a logical grouping of users who are connected by more than the cables between their computers. The goal of a domain is to let users share resources within the group and to make it easier for the group to work. However, the key difference is the existence of a server for the group that provides a single point of administration and control.

Note 

The Microsoft Active Directory domain isn’t the same as an Internet domain. In this book, we use “domain” only in the Microsoft networking sense of the word. We’ll let you know when we’re talking about an Internet domain name.

Additional Users

When adding a new user to the domain, you won’t need to go around to each computer and enter all the information. As the administrator, you can simply connect to the server and add the new user, using the Server Management application. You can create the user’s mailbox, set up their home folder, add them to security and distribution groups, configure their Share Point access, set up disk quotas, and even configure a client computer for them—all with only a few clicks and the entering of the user name and password. The change will be immediately seen across the entire domain.

All users, including the newest, can get at their resources, no matter which machine is being used. Permission to access resources is granted to individual users (or a group of users), not to individual computers. And when you need to restrict access to a sensitive document or directory, you need to log on to only a single workstation to make the change across the entire domain. You can easily and quickly grant or restrict access by individual user or by groups of users.

Access Control

In a workgroup, there are limitations on sharing your machine’s resources with the rest of the workgroup. At the simplest level, you can either share the resource or not share it. Beyond that, you can require a password for a particular level of access to the resource. This enables only a very limited ability to control access to the resource. And virtually none if your machine is physically accessible to anyone but yourself.

Windows Small Business Server provides discretionary access control, which allows, for example, some users to create a document or make changes to an existing one while other users can only read the document and still other users can’t even see it. You can set access for:

  • An individual file or files within a directory

  • The entire directory

Windows Small Business Server lets you make selection as fine or as coarse as needed and makes the administration of security easy to manage.

Domain Components

A Windows Small Business Server domain has at least two main components and an optional third component:

  • Domain controller

  • Member server (optional)

  • Workstations or clients

Let’s take a look at these components.

Domain Controller

The main computer in the Windows Small Business Server domain is the domain controller. In most Windows Small Business Server domains, the domain controller will be the only server. It hosts Active Directory and all components of Windows Small Business Server, as well as acts as the file and print server for the domain. All computers in the domain must authenticate to the domain controller, and all domain security is controlled by it.

Member Servers

In some larger domains, additional Windows Server 2003 computers might be in the domain. These computers can be used to spread some of the network’s resource load around so that the domain controller doesn’t carry the whole load, and they can even be the Exchange or SQL Server host if you buy separate, stand-alone versions of these products. Unfortunately, the bundling and licensing of Windows Small Business Server 2003 allows the installation of the Windows Small Business Server CD versions on only the main Windows Small Business Server computer.

Workstations or Clients

All the clients of a Windows Small Business Server network must be running Windows 95 or later, but in most networks they will be running Windows XP Professional. For this book, we assume that Windows XP Professional is the client operating system. If we need to talk about earlier versions of Windows, we’ll clarify that for you.

Note 

Windows Small Business Server does not support the use of Windows XP Home Edition as a client. All Windows XP clients on the network must be running the Professional edition or Windows XP Tablet PC Edition, which is a superset of Windows XP Professional.


 < Day Day Up > 


Previous page
Table of content
Next page
Microsoft Windows Small Business Server 2003 Administrator's Companion
Microsoft Windows Small Business Server 2003 Administrators Companion (Pro-Administrators Companion)
ISBN: 0735620202
EAN: 2147483647
Year: 2004
Pages: 224
Authors: Charlie Russel, Sharon Crawford, Jason Gerend
BUY ON AMAZON
Postfix: The Definitive Guide
Service-Oriented Architecture (SOA): Concepts, Technology, and Design
Sap Bw: a Step By Step Guide for Bw 2.0
Junos Cookbook (Cookbooks (OReilly))
Visual Studio Tools for Office(c) Using C# with Excel, Word, Outlook, and InfoPath
User Interfaces in C#: Windows Forms and Custom Controls
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy