[dba-Tech] The perfect storm

Gustav Brock gustav at cactus.dk
Fri Feb 14 01:34:45 CST 2014


Hi Peter

Certainly. What we do for a new workstation is to install it using a generic
admin account so we always will be able to access the machine. This will
later only be used for rescue.
Then the machine is joined to the AD. This requires credentials for a Domain
Admin. This user will at once have admin rights for the machine and is used
for all later work that requires elevated privileges.
>From this point any user of the AD can log on the machine, group policies
will be applied (mapped drives and printers etc.), and the user will have
access to all assigned resources. When you - the domain admin - change
these, they are applied globally at once.

The AD is rock stable. We run it from two virtual W2003 servers (I know,
they should be physical, but it works) but you could use any old and stable
hardware capable of launching W2003 as they - for a small shop - run under
nearly zero workload. As Jim points out, I believe Samba can be used as
well:

    https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO

This is so much easier than muffing with the not so stable Workgroup and
local users.

/gustav

-----Oprindelig meddelelse-----
Fra: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] På vegne af Peter Brawley
Sendt: 13. februar 2014 23:20
Til: Discussion of Hardware and Software issues
Emne: Re: [dba-Tech] The perfect storm

On 2014-02-13 2:25 PM, Gustav Brock wrote:
> Hi Peter
>
> That is true.
>
> Some years ago I finally bite the bullet and installed Active Directory.
It takes a little but saves so much trouble later. Highly recommended.

That would /simplify/ opening all XP, Win7 and Win8 boxes to one another?

PB


>
> /gustav
>
>>>> peter.brawley at earthlink.net 13-02-14 20:59 >>>
> .. To defeat Win8 Rube Goldberg
> "security"---for example in order to allow a network of XP, Win7 and Win8
boxes and their printers & other addons to function cooperatively as one
integrated, open-access system---takes hours and hours.
 





More information about the dba-Tech mailing list