Management & security opinions?

[BobMCT]

I inherited a small office network with 12 machines all Win XP Pro SP3. They are all in various states of update and all run their own AV program.

In all your opinions, what would be recommended to best manage and maintain the access and security, policy management AND enforncement, update push, nas access, etc for this size network? I am thinking Active Directory but know almost nothing about it. Is it worth the effort? I am assuming it must reside on a Win Server 2008+ machine to control all the other machines.

Any advice and recommendations anyone can provide, pro/con, would be really appreciated.
Thanks

 

[goombawaho]

For 12 machines??? Roll up your sleeves and do it manually. Get them all at the same level of everything (windows patches, Java, Flash, Shockwave, Acrobat, IE or Firefox, anti-virus program, etc.)

A server and server software would cost you (just guessing) $1000 - $2000 depending on the hardware purchased. Does your boss like spending money or you to spend his money???

I did 50 PCs with no management or active directory and that was the "side" job in addition to my network admin duties.

 

[smah]

This size is small enough to do manually, but AD would probably still make life a little easier. You will have to consider the cost of Windows Server + CAL's in your decision of wether or not it's worth it. You can get a 60 day trial of Small Business Server for evaluation & testing if you you have some hardware available to run it on.

If you go the manual route, set all regular user accounts as standard/limited users can create 1 admin account with password (for you) on every machine. Update & patch to some standardized level and go from there. If network storage is needed there are several linux options using samba that would be relatively low cost.

 

[goombawaho]

That's what I had said: money vs. manual labor. If your pockets are deep, go for it and make your life easier.

Anywhere I've worked, that number of PCs would not justify a purchase of a server license, server and CALs.

The idea of non-admin users for the users is a good one, but some companies won't allow their users to be non-admin. So even though it gives you the shaft (that they can do all kinds of crazy things to their PCs) management won't let you restrict them. Find out what's permissible first.

 

[Sympology]

Agree with the above.

Samaba is a good idea, you could even run it on a normal pc (make sure you back up).


I've never used this, but I know a lot of people do and it may be of some help:

http://www.spiceworks.com/

Robert Wilensky:
We've all heard that a million monkeys banging on a million typewriters will eventually reproduce the entire works of Shakespeare. Now, thanks to the Internet, we know this is not true.