By in General

What are the benefits of a Windows domain?

With small businesses increasingly adopting cloud based file sharing technology (see Box, Dropbox for Business and OneDrive for Business to name but three) is there still a place for the Windows Domain and Active Directory?

What is a Windows Domain?

Not to be confused with internet domains, a Windows domain is a closed system of users and computers that can share resources and adhere to one centrally controlled management structure. Each user and machine belonging to that domain must authenticate with a domain controller in order to access the system.  User accounts, machine accounts, security groups and many other settings are held in a central database called Active Directory.

Some of the benefits for small businesses

Group policy: One of the greatest advantages of Windows domain setup is the ability to use group policy to control all the settings of each workstation in granular detail. Wherever there is a setting in the Windows operating system, group policy allows for it to be set and enforced centrally.  For example, a standard operating environment is achievable as an administrator can enforce a standard company brand, ensure shared resources like file shares and printers are automatically connected and that standard applications are automatically deployed to each machine.  It is possible to prohibit end users from installing any software themselves or you can have a predefined list of approved software available for installation.

Roaming profiles:  In a domain setup, users can login to any machine that is in the domain using their standard active directory credentials.  However, ordinarily, the user experience is not consistent because none of your individual settings (think MS Office toolbars, macros, email signatures, printing defaults etc etc) persist as they are stored locally on your machine.  With roaming profiles, you can log into any machine on the domain and find everything is as you left it.

Windows Update Services (WUS): Without a Windows domain, each PC has individual settings for patch management which creates security concerns and puts pressure on the internet connection. Using WUS it is possible to set a single update policy which all the machines will adhere to. Additionally, the patches and updates are cached on the domain controller so that they are not downloaded again and again from the public internet.

Password policies:  An Active Directory account will conform to a central password policy.  This allows the business to enforce password complexity and frequent changes across the whole team, something which greatly tightens security.

Office 365 Directory Sync: User accounts and passwords can be kept in sync with Microsoft cloud services such as Microsoft Office 365 allowing the user to operate with one set of credentials.

Volume Shadow Copy: If you’re using a Windows file server in a domain environment, it is possible for users to restore previous versions of files and folders on a self-service basis from their workstation.

3rd Party Software: Many third party packages especially security-related, will demand a Windows domain environment.  For example, many business Antivirus products commonly require a domain in order to deploy, maintain and monitor the workstation installations.

Cloud Based: For small organisations, it is possible to get all the benefits of Active Directory without the need for a physical server humming away in the corner of your office.  By using Azure it is possible to have the best of both worlds.

This list is far from exhaustive and there are many other features and benefits.  In fact too many to list here.  Windows domains are still the standard for professional networks and they need not be expensive either.  Microsoft entry level server operating system is under £500.

If you aren’t sure whether your business should be using Windows domains or not and would like further advice then give us a call.

4 Comments

  1. Your article is great, however we have had experience with computers taking too long looking for a profile when they are not connected to the server. How do you get around

  2. Very informative! Is diskless booting also considered a windows domain (since they both essentially involve a server setting most of the control the client has)?

Leave a Reply

Leave a Reply

Your email address will not be published. Required fields are marked *