Results 1 to 4 of 4
  1. #1
    Lounger
    Join Date
    Oct 2014
    Location
    Arizona
    Posts
    30
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question Workgroup to domain through Active Directory (remotely?)

    First post, always lurked. WS member for years. Great lounge! Thanks

    IT was once my only business but (do to health) I've been away for a bit.

    This is an "I have a client" type question but stoked my interest.
    IS there a way to force 'diffuse' (systems on the cloud only) Windows 7 and 8.1 units "off" a workgroup and into a domain?
    NOW this would be using a 'virtual server' with Active Directory thru Amazon's WS (AWS) cloud offering.
    Without "visiting" any of the systems.

    I do not think there is a way to do this but was "told" there was and I'm not above asking and trying to verify.

    These (55 computers) are not in one building, have no direct cabled connections and access the internet thru separate
    ISP accounts (from the same company). Each is behind a Sonicwall and several are using Wireless Routers (security is an
    issue as THE WHOLE thing revolves around HIPAA).

    Greatly appreciate any insight... even the 'you got to be kiddin'

    Take care.

  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 986 Times in 916 Posts
    Belonging to an AD domain requires you are on the "same" network. To do this at a remote location, via the internet, requires setting up a VPN between the sites. Once you have done this your comms between sites are secure and you can join all machines to the domain. Remote sites should have a local Domain Controller and local storage to allow use in the event of site link failure.

    cheers, Paul

  3. #3
    Lounger
    Join Date
    Oct 2014
    Location
    Arizona
    Posts
    30
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question More

    Yes, Paul, what you say is correct.

    I am only asking about 'changing' the type of 'belonging' from "Workgroup" to "Domain" by (somehow? And "I" don't think you can) more or less forcing such changes
    with A.D.

    I know a startup script can be used but am not sure about pushing that and "all" of this supposition is using a "Cloud" Active Directory.

    The background is an 'amatuer' admiistrator has told his company this can all be done "easily" and, while I'm not currently completely a "cloud" authority I've done
    enought AD and Windows Server to know that Sysprep and 'unattended' joining is not just a 'walk in the park.'

    So, to recap, I've a 'workgroup' based bunch of Win7Pro PCs in groups of 15 to 20 (total about 70) that reside in office clusters physically apart from each other and I am
    just contemplating "IF JOINING" a real Domain is at all worth it (and HIPAA plays into this) AT ALL. I'm incluined to use gpedit.msc and create a scipt to "lock down" the 'workgroup'
    stations and not join an Acitve Directory ... but????

    Thanks for the response.

  4. #4
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 986 Times in 916 Posts
    Sorry, misunderstood the question.

    Whether to join a domain depends very much on what you currently have and what you want to have. If you have working machines and email, then joining a domain will not give you much more. If you want total control of the PCs then a domain might be of value, but as you've already pointed out, local group policy could lock the machines down just as effectively.

    There is no good way AFAIK to enforce privacy policies short of hitting users over the head with a big stick. Education is pretty much your only tool - technology is of limited value. By way of example, I know of a case where an exec wanted to use his ipad regardless, so his secretary forwarded all internal email from his Exchange to his apple email manually. (Expletive deleted)

    cheers, Paul

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •