Windows Workgroup Vs. Windows 2003 Security Models
Essay by review • January 14, 2011 • Essay • 845 Words (4 Pages) • 1,001 Views
Part of managing a Windows Server 2003 network environment requires an administrator to be familiar with both of the different security models that can be implemented along with the roles that a server can hold. The two different security models used in Windows network environments are the workgroup model and the domain model. Please discuss in 500-600 words both options and explain why you would choose one over the other for your implementation.
When configuring windows networking, two major approaches are valid to secure all the network resources, the workgroup approach and the Domain approach. The workgroup approach is simply to create a windows peer-to-peer network with a decentralized security system. This workgroup security approach does not require a special server with an acceptable amount of hardware or the knowledge associated with the administration and maintenance of an advance server environment. On the other hand a windows network at the enterprise level would be too difficult to install and maintain by using the workgroup security model. Not only would be difficult or nearly impossible but it would lack the tight security that this type of systems required. In this case a Domain approach is the ideal solution for controlling and managing all the network resources.
Independent Windows workgroups are "collections of machines configured to advertise themselves as belonging loosely to a workgroup or group of machines" with a common name. In workgroups there is not centralized management of objects such as user accounts, machines and printers. Management of resources is maintained by a database residing in each machine. Sharing of resources and access control to printers and files is done in a peer-to-peer fashion. This security model is the default of any windows operating systems where the workgroup name is "Workgroup."
Setting up an Independent Windows Workgroup is very simple; each member computer will have the same workgroup name and will have different computer names to be identified in the workgroup. Machines that are members of the same Windows workgroup will be able to browse each other under the network neighborhood.
I would choose this implementation for a small network that contains no more than 15 to 20 computers at most and where security is not a high priority concern. Some advantages of using this type of scenario include the ability to manage windows workgroup since has a small number of computers that can be managed individually. Application servers, services or workstation software can be run off one or few machines rather than employing extensive active directory schema changes to be accomplished in a domain model. Complying with third party vendors' software and hardware can be achieved in a simple manner and migrating or installing new operating systems is an easy task that it would not be an option in a Windows Active Directory domain.
This simplicity comes to a price since by deploying a windows workgroup, other functionality and advantages of a Domain model is lost or not applicable and security can be compromised. For example, when deploying
...
...