+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 35
Windows Thread, Admin Network in Technical; [quote="localzuk"] Originally Posted by Disease Originally Posted by ittech Pretty simple really, there is no need to have seperate networks ...
  1. #16
    Disease's Avatar
    Join Date
    Jan 2006
    Posts
    1,079
    Thank Post
    116
    Thanked 70 Times in 48 Posts
    Rep Power
    56

    Re: Admin Network

    [quote="localzuk"]
    Quote Originally Posted by Disease
    Quote Originally Posted by ittech
    Pretty simple really, there is no need to have seperate networks these days in a 2003 environment.

    He said there was no real need.
    He said no need which is a statement of fact you said no real need which isnt' a statement of fact. I ma saying that to say there is no need (Fact) is incorrect.

    Active Directory directory service provides the means to manage the identities and relationships that make up network environments. Saying that Windows 2003 domain structure should be just as secure as 2 seperate networks, that's the whole point of active directory is also incorrect. Two physically seperate networks is always going to be more secure. :P

    I am sure the Linux users here would testify that you don't need Active Directory or Windows 2003 to have a secure network.

  2. #17

    Join Date
    Mar 2007
    Location
    Devon
    Posts
    1,041
    Thank Post
    225
    Thanked 63 Times in 56 Posts
    Rep Power
    29

    Re: Admin Network

    1 network 1 domain 5 servers always worked fine for us with no security probs.

  3. #18

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,528
    Thank Post
    513
    Thanked 2,406 Times in 1,862 Posts
    Blog Entries
    24
    Rep Power
    822

    Re: Admin Network

    Quote Originally Posted by Disease
    Active Directory directory service provides the means to manage the identities and relationships that make up network environments. Saying that Windows 2003 domain structure should be just as secure as 2 seperate networks, that's the whole point of active directory is also incorrect. Two physically seperate networks is always going to be more secure. :P

    I am sure the Linux users here would testify that you don't need Active Directory or Windows 2003 to have a secure network.
    Nope, that is simply not true. As someone else pointed out before - if you have 2 networks, you have to worry about maintaining 2 separate security policies, 2 sets of servers with updates, 2 sets of users etc...

    Also, Active Directory was designed to allow a secure way of operating a Windows based network. It improved on the old 'trust' based system of NT server and it also increased overall security via GPO's and integration with Windows XP. Those combined make as much of a secure system as having 2 separate networks.

    Under a combined system, this can be managed in one simple way - a single security policy under a single domain.

    There is simply no need, in a school, to go further than one domain. There is no legal requirement, no technical reason and it shouldn't be justifiable when it comes to budgets either - it just makes things difficult for staff who get confused with different usernames all the time.

  4. #19

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,770
    Thank Post
    861
    Thanked 1,663 Times in 1,448 Posts
    Blog Entries
    11
    Rep Power
    442

    Re: Admin Network

    One parent domain, to child ones, and 16 (ish) grandchild domains on each of the child domains.

    In the CLC were I have been working they provide content filtering, internet etc. We have 2 sites. The child domains are one for each site and the grandchild ones are for one domain for each school. Every school has there own servers on there site. We are linked upto each school via fibre. We have 4 full 7 ft racks in each building full of servers for various things.

    100mb internet connection, we only have one domain per site.

  5. #20
    Oops_my_bad's Avatar
    Join Date
    Jan 2007
    Location
    Man chest hair
    Posts
    1,738
    Thank Post
    438
    Thanked 53 Times in 50 Posts
    Rep Power
    30

    Re: Admin Network

    You would be hard pressed to find any company running 2 such disparate networks these days, how inefficient would that be!? I'm sure if it's good enough for them it's good enough for us. As long as you know what you're doing you should be fine (although by no means be complacent).

  6. #21

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115

    Re: Admin Network

    by no means be complacent
    The MS line on this kind of scenario was to give [sensitive group] their own member server(s) for their top-secret data & apps and require IPSec on those servers.

  7. #22
    Grommit's Avatar
    Join Date
    Sep 2006
    Location
    Weston-super-Mare
    Posts
    1,335
    Thank Post
    31
    Thanked 54 Times in 31 Posts
    Rep Power
    24

    Re: Admin Network

    Quote Originally Posted by Disease
    Quote Originally Posted by ittech
    Pretty simple really, there is no need to have seperate networks these days in a 2003 environment.
    Disagree with that there is always a need for added security. My networks are ultra secure but I still like the comfort of having seperate networks and I will never change on that.

    We have 2 networks here and a stack of servers.
    How do you run Exchange and SIMS over the 2 Domains ?

    Do staff have 2 seperat logons for each Domain.. and can Admin Staff logon to the Curricilum Domain ?

  8. #23
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,738
    Thank Post
    894
    Thanked 414 Times in 348 Posts
    Blog Entries
    12
    Rep Power
    85

    Re: Admin Network

    Just in case people are keeping 2 seperate domains for historical reasons, it really is easy to merge them.

    All you need to do is demote the Admin DC, then join it to the domain, and create the users again. It really is that simple, it took us about 2hrs to complete the procedure.

  9. #24

    Join Date
    Sep 2005
    Location
    Leicester, UK
    Posts
    123
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Admin Network

    Quote Originally Posted by MK-2
    here 2 networks two domains linked via a router allowing sims info to pass between.
    no we didnt set that up, it was the council way, they didn't want it merged for security reasons
    What security reasons have they told you? I have basically been told that there is a "direct" link from the School to the council and the reason they split the two up is because of security with students possibly compromising it (primary by the way).
    I am still yet to understand the real reason. We have two networks (1 wire and they become 1) and two sets of usernames and passwords.
    We have a company called INDEXTeam who "manage" the admin network and i look after curriculum. I am more then capable of looking after both and cant imagine how much money could actually be saved by me doing that.

    Quote Originally Posted by Disease
    Quote Originally Posted by ittech
    Pretty simple really, there is no need to have seperate networks these days in a 2003 environment.
    Disagree with that there is always a need for added security. My networks are ultra secure but I still like the comfort of having seperate networks and I will never change on that.

    We have 2 networks here and a stack of servers.
    What is the need? Enlighten me? A secure network should be just as secure no matter what data etc you have or what services are run.

    Quote Originally Posted by Gatt
    2 Lans, Well V-Lans 1 Curric, 1 Admin

    Setup & maintained by LEA - well the Curric Domain isn't but the VLAN is - Pain in the a**e as have to go thru all the red tape (or should the be Pink as were are "IN Salford") to get a port switched

    Think they chose the VLAN ports at random as ther is no logic to what Port belongs to what VLANs
    Yeah our admin domain is maintained by Index via the LEA (www.indexteam.co.uk or com).

    Thanks
    Matt

  10. #25
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: Admin Network

    This is an argument that comes up from time to time and will probably run and run.

    There are numerous reasons for having multiple domains and even multiple forests. These may be based on security policies or risk assessments and unless anyone has been through this process, I think that all discussions are somewhat moot. Microsofts guidelines are that you start with a single domain and break it down if necessary. If you need different password or other domain level settings then you need multiple domains. If you need total service or data isolation then seperate forests are the way to go.

    For what it's worth, our sites run on a single LAN with no routing or isolation at the network layer. We operate single forests with an Admin forest root domain and an additional tree with the Curriculum domain. This lets us run a single Exchange organization (single forest); maintain seperate password policies and user accounts (dual domains). We value the isolation that the additional domain gives to our Admin systems especially when so many contractors (unlikely to be CRB checked) who may be installing software on our curriculum networks are simply handed the Administrator password when they ask for it.

  11. #26

    Join Date
    Feb 2007
    Posts
    27
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Admin Network

    Thanks to everyone for their input - plenty of scenarios to think about, but the majority view seems to be for a single network and domain...

    Mark.

  12. #27
    Grommit's Avatar
    Join Date
    Sep 2006
    Location
    Weston-super-Mare
    Posts
    1,335
    Thank Post
    31
    Thanked 54 Times in 31 Posts
    Rep Power
    24

    Re: Admin Network

    Quote Originally Posted by Maxell
    Thanks to everyone for their input - plenty of scenarios to think about, but the majority view seems to be for a single network and domain...

    Mark.
    It's abput 80 - 20 for a Single Domain for a Single School.... So only 20% are making additional work for themselves...

  13. #28
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: Admin Network

    Quote Originally Posted by Grommit
    Quote Originally Posted by Maxell
    Thanks to everyone for their input - plenty of scenarios to think about, but the majority view seems to be for a single network and domain...

    Mark.
    It's abput 80 - 20 for a Single Domain for a Single School.... So only 20% are making additional work for themselves...
    ... and the other 80% not doing their jobs properly :twisted:

  14. #29

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,241
    Thank Post
    239
    Thanked 1,567 Times in 1,249 Posts
    Rep Power
    339

    Re: Admin Network

    In the days of Windows 95, it was recommended to have separate Admin and Curriculum networks, but now (for many years) adopting Windows Server 2003 and Active Directory, I operate one domain for all.

    As a few of you have already mentioned - Pupils, Staff and Admin Staff are all in their own OUs. NTFS of course controls access to shares and if setup correctly works just fine. All the schools I support have one Curriculum server, one Admin server and a proxy server. Especially now with SQL 2005, the Admin side of things definitely needs its own server.

    The problem I see with two separate domains, is two of everything else! It does increase the workload in my opinion. Active Directory is a marvellous tool

  15. #30
    Oops_my_bad's Avatar
    Join Date
    Jan 2007
    Location
    Man chest hair
    Posts
    1,738
    Thank Post
    438
    Thanked 53 Times in 50 Posts
    Rep Power
    30

    Re: Admin Network

    god will this issue ever go away :twisted:

SHARE:
+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. SIMS and admin network support - Buckinghamshire
    By SpecialAgent in forum Educational IT Jobs
    Replies: 0
    Last Post: 13th July 2007, 10:12 AM
  2. Replies: 8
    Last Post: 19th July 2006, 01:48 PM
  3. Access Denied from Admin Network
    By MrDylan in forum ICT KS3 SATS Tests
    Replies: 9
    Last Post: 25th April 2006, 12:09 PM
  4. Assistant Network Managers admin rights.
    By tosca925 in forum How do you do....it?
    Replies: 11
    Last Post: 8th December 2005, 01:32 PM
  5. urgent network admin dev plan
    By russdev in forum School ICT Policies
    Replies: 4
    Last Post: 16th November 2005, 07:50 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •