Why Windows Server?

[SYNACK]

Here is an interesting one and one not generally covered from this angle: Why go with a Windows Server based network?

 

Here is the story, I have been asked by a school using linux servers and all Windows XP/7 clients if it would be better to go with Windows Servers and if so, why.

 

I have already given my response but I am interested as to what everyone else would have said incase there are things that I missed.

 

Their current network has no centralised logon resorting to local un-mandatory limited user profiles with shared docs mapped and accessed by a shortcut to a UNC path \\server this then prompted for a username and password which would then show the printers and shared folders avalible to them.

 

What are everyones thoughts?? Stay linux or embrace Windows??

[SimpleSi]

Thats basically what I do in my primary schools - I've used Win98/Linux and W2k3 machines as simple file/dhcp/printer servers with 2 logins (teachers and pupils) and a single shared folder \\server\classwork

 

I use a simple AutoIt script that maps P: drive to each classes subfolder and let the teachers do what they want.

 

I use WPKG as my GPO replacement tool.

 

So the central server is pretty much irrelevant.

 

Having said that, I prefer to use w2k3 for any new schools I take over as I find it quicker and easier to setup than a linux machine (just because of my personal skillsets) and I get the server licence for £50 and cals for a few quid so the extra cost/conveience isn't normally worth it.

 

But I did set up one school using Ubuntu Breezy Badger a few years ago and that worked just as well.

 

regards

 

Simon

PS (In a quiet voice - I run the clients as administrators )

[tmcd35]

Why Windows? A number of reasons, none of them may be particularly good but...

 

• It's what was on the machines when I got here
  
• I don't think a live network is the place to test alternatives
  
• I know how to and am comfortable in administering Windows servers (I've used desktop Linux and MacOS)
  
• The big one - I know have Windows 2008R2 Datacenter covering my virtual host boxes so I can run as meny copies of Windows Server as I like for the exact same cost as running Linux - £0
  

 

That last one is the important one for me. I actually prefer Apache to IIS (as in I know how to administer it better than IIS). So I tend to build WAMP servers when I need a webserver.

 

Ultimate though it depends on you and your expertise. If you know how to, and feel comfortable in, administering Linux then why change? I assume the system is working and there is no reason to change. So if it ain't broke don't fix it.

[SYNACK]

One of the issues is that the system is not performing as they want it to. Moving to up to date versions of Windows on clients will cause even more issues so the existing system is not up to it. They are looking at an upgrade so I'm wondering whether linux would be able to provide for all of the requirements like centralized logon and support of Windows 7 clients. The last time I checked the samba authentication stuff required hacking the XP boxes to disable almost all security and treat it like an NT server. Was wondering if this had improved.

 

Personally I think that a Windows solution is going to be the easiest and most integrated way of doing it but I wanted to know what others thought. I am sure that it would be possible to put something together with Linux but I don't think that it is going to end up as clean and maintainable (by me and others) so that was what I recommeneded. I was just checking if others felt the same way, the question of how to justify/convince people of the benifits of Linux systems come up quite often and I thought it would be different and possibly benifficial to discuss it from the other side.

[gibbo_ap]

here at our place i am way more comfortable with a win environment and my colegue is more comfortable running linux.

 

i would say if you having linux servers have linux clients and vice versa.

[localzuk]

The answer for me is simply 'better integration'.

 

Si says he uses WPKG to replace GPO? How does that work, as it is simply a package distribution system and not a policy system? Wait, just saw that he runs the clients as admins!! That wouldn't be allowed here - as it would effectively mean there was no protection of the network and therefore be a breach of the DPA.

 

Without a central group policy system, how do you effectively lock down the client machines?

[tmcd35]

I am sure that it would be possible to put something together with Linux but I don't think that it is going to end up as clean and maintainable (by me and others) so that was what I recommeneded.

 

You've answered you own question right here. Linux is good and I'm sure if you knew what you were doing it could give you the environment you are after. But installing a new system is tough enough without having to learn and hack new ways. Why reinvent the wheel? You want Win7 clients, Server08R2 is built to support Win7 clients - no need to hack SAMBA or LDAP in to place.

[mthomas08]

Think the only answer not covered, unless I am blind is the fact its the worlds language.

Most techy's of all ages will have a basic concept of Windows server/clients. Maybe I am wrong but to me every time you watch the news and there is a PC in the background its usually a windows logon/screen saver on, to me most business's would choose windows. I have found windows much easier to get in to and much easier to understand the basics and you only really need the basics to get going well enough. Some people might not agree but I would say thats my personal opinion. Windows is something I would always say "stick to". Linux is a bonus to know especially when it comes to "cost cutting" but if you have funding then I would go windows. Another school did come here to look at our system to get some idea of vanilla because they were Linux based, they have since moved to windows.

[sted]

best reason is group policy being able to set settings that apply granuarly to pcs/users from a central location (ok settigns can be altered from workstations but are broadcast out). Simple things like say changing the proxy server are easily achieved with a gpo with a few mouse clicks and a bit of typing (literally the typing is myproxy.somewhere.something and a port number).

 

You can easily assign users their own user area again witha few click and some typing (and do it for gorups) so say all your 2008 kids need user areas you can creata a folder structure say d:\users\2008 then quickly add their home area as something like \\server\users$\2008\%username% and it will link to their account create folders and set permissons for you.

 

If its a win7 only environment id be tempted to ignore mandatory profiles entirely and just using group policy/group policy preferences and redirected start menu/desktop/docs etc just let them log on without one it will have the same effect (and its a pita doing mandatory on win7 as you need to sysprep and last time i tried that it killed the pc)

 

oh and wsus for keeping win7 boxes patched without them all pulling updates down over internet

[FN-GM]

To be honest thats all i really know. I would like to get into Linux i have never had the chance.

[dhicks]

The last time I checked the samba authentication stuff required hacking the XP boxes to disable almost all security and treat it like an NT server.

 

Samba still can't, realisticly, act as a Domain Controller, so if you want Windows workstations everywhere, controlled and locked-down by a central server, then you'll need a Windows server to do that with. Samba works very well as a file server (and tends to be able to do more with more limited hardware), though, and integrates just fine with a Windows domain, so I'd keep your file servers Linux-based. At my last school I simply had one physical machine licensed for Windows Server Enterprise which ran four Windows VMs - DC, print server, apps server and SIMS server, all the other servers were Linux based.

 

Of course, the definition of a "Windows workstation" can vary somewhat. You could run a Linux-based browser-and-thin-client-terminal-only OS on your workstations, doing most stuff in the browser and connecting to Windows VMs / Terminal Servers as needed. Especially using Windows VMs, there should be less need for having workstations under the control of a DC - you're just going to reset the VM back to start settings when the user logs off, so you can let them tinker to their heart's content.

 

--

David Hicks

[elsiegee40]

The biggest argument in favour of Windows is training. Staff trained in the use and maintenance of a Windows network are easy to come by... it is far more common. Changing the network environment could involve retraining staff and lead to difficulties in recruiting replacments or finding emergency cover.

 

I am not saying that this should stop you using Linux, Novell or whatever just that it is a factor.

[EduTech]

Really It is down to own personal skillset, and better integration/control/managment. I guess if the clients were running linux too then it would be different but as the clients are windows i would go with a Windows backend for the fact it's what works best.

 

James.

[dhicks]

best reason is group policy being able to set settings that apply granuarly to pcs/users from a central location

 

We do all seem to be discussing one particular model of network management, where we have a central control server, workstations with differing locally-installed applications that need to be "locked down" the whole time to stop them being broken by day-to-day use and large wodges of user/application settings kocking around the place. This is the model imposed by Windows' way of doing networking, which has always struck me as an afterthought cludged together at the last moment. It'd be a lot simpler if we could do away with update servers, anti-virus servers and so on and have a system designed to be used over a network from the start.

 

--

David Hicks

[localzuk]

We do all seem to be discussing one particular model of network management, where we have a central control server, workstations with differing locally-installed applications that need to be "locked down" the whole time to stop them being broken by day-to-day use and large wodges of user/application settings kocking around the place. This is the model imposed by Windows' way of doing networking, which has always struck me as an afterthought cludged together at the last moment. It'd be a lot simpler if we could do away with update servers, anti-virus servers and so on and have a system designed to be used over a network from the start.

 

--

David Hicks

 

That's kinda outside the scope of this discussion though is it not? If you want windows clients, you're going to need all those things - that's just how it is.

 

Sure, if you have linux clients, or mac clients, then you don't need a windows server setup, but that doesn't really make sense if you have windows available for kids to use.

[glennda]

We run a mix between the two - and it works well - we use Ubuntu and qemu/KVM for the virtualization. Which out performs the likes of ESX and Hyperv as it runs inside the kernel. Squid and Dansguardian for Proxy

 

We have Windows Dc's and Sql Server (sims) - some file servers are Windows and I am slowly moving them to Samba when we replace servers. Also have an ISA server as our gateway but will be changing that at somepoint i presume. Also a Couple of windows app servers for Mcaffee and other windows apps.

 

Nobody could tell from the front end of things that half the backend is linux.

[mrbios]

I think it has to be looked at in a big picture of the job role covering it... finding someone who can manage a linux focused network is going to be harder than finding someone capable of managing a windows network, and considering school IT wages that makes it even more unlikely. So in the long run when the linux man leaves and they need another they will find it difficult to get someone with the required skill set who will work for the pay offered.

 

Personally the only linux boxes we run here are a couple of VMs running as proxy servers, 2 MX servers and a gateway server. Everything else is kept as windows.

[CAM]

linuxgirlie on here maintains a Linux Distro called Karoshi that is designed for schools. Not sure on it's specs but may be worth a look.

 

Also does anyone know how network based accounts will affect security on a linux machine? My understanding is you have a normal user and a super-user (root). And unless you have access to the root user through the su command you can't access anyone else's files on the machine or mess up settings. So LDAP server to authenticate logins and let the client do the rest?

[dhicks]

Sure, if you have linux clients, or mac clients, then you don't need a windows server setup

 

Having Windows clients implies having a Windows Domian Controller available, mostly to stop users breaking the machines by fiddling with the settings. Is there a way to get around that - can you run Windows workstations without having to have them join a domain? As I pointed out previously, could you run them as virtual desktops that simply reset to a given state when the user logs out? Or could you use something like DeepFreeze to maintain your workstations?

 

--

David Hicks

[sted]

We do all seem to be discussing one particular model of network management, where we have a central control server, workstations with differing locally-installed applications that need to be "locked down" the whole time to stop them being broken by day-to-day use and large wodges of user/application settings kocking around the place. This is the model imposed by Windows' way of doing networking, which has always struck me as an afterthought cludged together at the last moment. It'd be a lot simpler if we could do away with update servers, anti-virus servers and so on and have a system designed to be used over a network from the start.

 

--

David Hicks

wouldnt that be a mainframe/thin client /dumb device?

[SYNACK]

Having Windows clients implies having a Windows Domian Controller available, mostly to stop users breaking the machines by fiddling with the settings. Is there a way to get around that - can you run Windows workstations without having to have them join a domain?

 

Any complex system that can do multiple things like a computer is going to contain mistakes or errors that need to be fixed via updates. People are not perfect and systems along with our understanding of them keep changing and evolving. Its funny that you meantion Windows Updates as an issue as I actually removed my Ubuntu box because downloading that may updates was eating a serious chunk out of my bandwith cap. If I want an update a day I'll install Oracle Java and leave it to its own faulty devices.

 

Security through limitation is only feasibly avalible through ultra limited features like a landline phone, stuff with very few features that can be fully understood by a person. No advanced system is imune, just ask all those admins of compromised zombie comand and control linux server, your average ipad/iphone user who happens to look at the wrong pdf or a windows user owned by malware.

 

Total security on systems that scale into the hundreds of millions of transisters is probably somehing that is beond the scope of human ability an I think that we will be waiting for a kind benovolent AI to get to that level or some other simmilar expantion of human ability.

 

Anyhow I think that we have established that the main reasons to go with a Windows Server are pretty much what I put in my initial email to the people involved:

More cheaper support avalible

Better integration and standardisation with Windows Clients.

Features like Group Policy and GPP which give you managment abilities you can't achive with a linux server without massive hacking and huge time spent.