question directed to Bert kindly: what are the advantages of a domain, and how hard is it to set one up? I thought I knew a fair amount about computers, but networks seem to be my Waterloo. I started P2P and found I needed to get a server as windows XP would not let me connect all the computers in my office. My server has a 3-disc RAID array and big battery backup. I am solo, but have about 17 computers as I can only have a single chart open at a time on one computer. I have static IP addresses and just upgraded my wireless network to N. Any great ideas to help "bullet-proof" or speed-up the system?
mkweiss: Great question and you already have a lot of things in place such as RAID3 (a bit outdated though) and battery backup. Here is the deal:
First, for everyone, we need to clear up some issues with the differences of P2P, Client/Server and a domain. This is going to be shocking but in the way most people think or set up their network, there is NO difference between the first two. You can purchase Dell's most expensive server and run Windows Server 2008 and have a peer to peer. Almost all networks on here have clients and main computer connected to a switch so that all computers can see each other. In the old days, P2P was just that: a bunch of computers connected to each other with NO central computer. If you have a "main computer" whether it is the one described above or a little old tiny computer running XP, you still have P2P. The one difference is once could connect more computers on the network as 2008 or whatever OS has few limitations as to how many computers can connect.
XP home is limited to 5 and XP Pro is limited to 10, so you would be out of luck with 17 if I recall the numbers. But, if all computers connect to the central computer one has designated, in essense you have a client (all your workstations) looking at the "main computer" (server) and you have a client/server set up. Now there would be those who would argue but look at ANY diagram online and you will see.
Now a setup with a domain is a whole different thing. You have just gone from a Subaru to a Jaguar. And, to do this, you MUST have a server OS. Most server OS will only run on a computer designed for this.
Now, with a domain, all of your clients are no longer individual workstations. Your users cannot simply log onto "their computer." In fact they cannot log into "their computer." Here is one of the big keys:
1. They MUST log into the server. The server must authenticate them and say, OK, you have shown me that you are a user that can access me so you can log in and use your computer. This is whether the computer is logged off or locked. So, if you were at home and were worried about an issue with someone that shouldn't be using a computer to access data on the server, you could log them off. You could do this other ways...but...much easier this way. And, you will know when and what computer and what user logged into your server at what time and did what.
You can set things up so no client can see another client or access important files on that computer, and there should be no important data on the clients anyway except for Facebook and all of your users grandchildren, etc. (this is joke but is true).
You will be able to set up ALL of your data in folders and ALL of your databases (think AC and your PM software) on the server on one drive that is shared out to the users. Each user will be able to access this by accessing the domain and seeing the entire list of shared folders. Or, their programs will run, because they are accessed to the shared folders.
Now, with a domain, you can determine who does what and who has access to what. This can be tricky to explain but let me try:
1. When you add a user (Susan at the front desk) you choose what level on the SERVER she is. Say a domain admin (not a good idea), a power user, or a user, etc. This is good because when you provide group policies or permissions, she will by default have certain access. Say, she is a user (which she will be) and you allow users access to AC, then she will have access to AC. But, say, you have a folder on the data drive that you want to access only: say all of the info about your users, passwords, your information, etc. you would not allow users permissions to that. So, on a domain you instantly decide who they are. Think of a medical student at a hospital. He or she is designated a medical student user who has access to hardly anything. But, you, would have access to nearly everything except the administrative stuff that IT has. Of course, if you left for the ACUC, you may want to elevate your most trusted employee to domain admin so they could run the network (be careful). All of these things can be changed on the fly. As you make the user, you have around four choices to give them. But, you could make a template called "Users plus your folder" and anyone made that could access your folder.
2. Now even though they are all users, you could still decide to keep them from certain things on certain folders. Let's say AC. You as the domain admin could access the AC folder and do ANYTHING to it, because on the properties of that folder the admin would have full permissions (it would be checked off), while the users would have read/write and could do anything, but when you highlight users, you would give that permission but not the Full. The key here is that they would be unable to add, change or delete files. Imagine a disgruntled employee, deleting your .xml file or your database. Very nice work admin.
3. So on the server (the central central) you set shares (all folders that need to be used by a client MUST be shared. But, because of NTFS hard drive formatting, you can set the permissions above. There are hundreds of setting combinations. FYI: I don't go crazy with these, because I actually see a patient once in awhile and this would be great for a part time or full time IT person.
4. This brings us to group policy. Let's say you have ten computers, and three people on computers are billers or scanners or whatever and have NO need to be in a certain folder, AC or anything. Rather than setting their permissions individually (imagine a large network with 250 users fitting that situation), you simply make a group policy that does not have permission to that folder and put their user names in that policy, and boom, they have no permission. You can always take a user out if you need to.
5. Active Directory. When Microsoft rolled out Windows Servers 2003, they added Active Directory. This basically allowed all users and computers and Exchange and all separate applications of the server to be rolled into one AD. It also made overall security such as HIPAA security and encryption easier to implement across the network. It used to be that you need separate passwords for each section such as Exchange or Windows Updates, etc.
6. It is crucial to understand the difference between a domain administrator and a local administrator. A domain administrator is god. He or she can access the server with full rights and can access any local computer with full rights, download and install applications, etc. Anything. By definition a domain admin would also be a local admin on a local client.
7. Your users on THEIR computers -- nothing to do with the server -- also have roles and permissions. A local administrator can do pretty much anything on their computer such as download applications and make changes. You know download games, etc. and put viruses and other nasties on the clients. So you can make them just "users" for THEIR own clients. A lot of anal-retentive ITs will do that. It is just difficult when you try to help them and they are logged on under their non-administrator account and you can't do much. Of course, you can right-click and choose Run AS and be a temporary domain admin. This is one of the most difficult things for a new person running a domain server to understand. Local and domain admins. Pretty much you will be the only domain admin. Your users should NEVER be. But, you can make them a local admin on their own PC.
8. Once you have a domain (and Active Directory) to allow you to set Group Policies, you can do hundreds of things to control your clients. You can control whether they can make wallpaper, change their desktops, what color their wallpaper will be, how long before their screen savers pop up, what their screen saver will be, whether or not the screen save locks them out. There is nothing worse than each user making a collage of their grandchildren.
9. And, almost most important, you can control their passwords. You can make then 8 or 10 or whatever characters and make them use capitals and certain characters, etc. You can change their passwords on the fly. You can make them tell you your password so you have access to their computer (I toyed with letting them have control), but there are too many times you need to install AC on their PC or whatever. Besides, you can always delete their password and make a new one, making them wonder what you did to their computer the night before. And, when they tell you that their password is Fido1234 and the user next to them knows they have a dog named Fido, they can pass that information on. You want difficult passwords, and you can control this.
10. You can control who gets remote access.
11. Crucial -- you can use DHCP from the server (I would never do it from the router -- sorry Wendell), but of course Wendell would never choose to live in Bangor, Maine, lol. You can control the scope of what IP address can be given out. You control the printers and scanners and copiers.
12. I could go on and on and on.
13. Backups are much easier to control.
14. One thing I have always wondered about and talked about on here is when people talk about client/server and P2P, it is always in relation to AC. But, there is so much more than that on your network. I would hope. Like PM other things.
15. Domain networks with Active Directory can be a LOT more fun.
16. Domain networks with Active Directory can be a pain in the [censored] keeping you at the office a lot longer. Up to you.
17. Also this: Imagine, as I do many times, walking into the office and PA number 2 or receptionist says, this or that won't work. You suddenly have to figure out what in the hell did they do to THEIR computer. With a server that controls everything, not only do you have a much easier time of figuring it out, but you have centralized logs for error messages.
18. Centralized antivirus and updates.
19. Never, ever, ever allow a user to touch the server. If a medical student tries to get on the Internet from the server, they fail the rotation.
20. For you: Never change the server once it works unless you have to.
Well, I will stop there. FYI: This is solely based on Microsoft. Those with Linux and Mac will say there's is 100 times better. And, it probably is.
Bert that was an OUTSTANDING post. You boiled it down, but made it clear and complete enough, (I think, I am still pretty ignorant about this stuff). Thanks for your effort.
Martin T. Sechrist, D.O. Striving for the "Outcome Oriented Medical Record".
Leslie Hospital Employed Physician Who Misses The Old AC
"It's a good thing for a doctor to have prematurely grey hair and itching piles. It makes him appear to know more than he does and gives him an expression of concern which the patient interprets as being on his behalf. "
Ok, every once in awhile this subject comes back up. And since PCs and operating systems change so much, its not surprize.
Alice needs a new laptop. I need help picking one. Need a 17" screen. Need a reliable brand that probably wont have a motherboard failure after 18 months. And will 3GB due for memory w/ Windows 7. Oh, Which Windows 7?
Wayne New York, NY Hey, look! A Bandwagon! Let's jump on!
Hope I was right. I am playing with WIN7. Would probably go with Professional, though. But, I am sure you will hear differently. Microsoft has a good comparison chart on its site.
They really could get rid of ultimate since it not a lot a lot different from pro. Starter is only for netbooks but could be a made as a varient of home.
I'm wouldn't think the cost difference would offset the production and storage costs for more models, but then I'm sure they know better than I.
Wendell Pediatrician in Chicago
The patient's expectation is that you have all the answers, sometimes they just don't like the answer you have for them
One last quick note about microsoft servers and operating systems - only XP Pro, Vista Pro, and Windows 7 Pro (and possibly Ultimate) are set up to join a domain network. The other home versions can be made to join but it can be really complicated. So if you have a domain server at your office or plan on getting one, and have to update some computer or the other, get the Pro versions of the operating systems.
Wayne, if Alice needs to join a domain then you need Pro or Ultimate. If she wants to be able to watch DVD's without a hassle and some other multimedia stuff and doesn't need to join a domain then Home Premium is great. If she wants full-drive encryption, all the bells and whistles, and the ability to join a domain and play multimedia easily, then Ultimate. I personally use Home Premium, because I don't need full-drive encryption or the ability to join the domain on my laptop.
I agree with Wayne and Paul. It's crazy to have more than two OS. Hell, just have one. They should combine Pro and Ultimate and Home and Home Premium.
Anyway, I have used both, and I would definitely go with Pro, because A) Ultimate doesn't give you that much more and Pro is meant for a business environment.
As my IT guy once said and I mean this in a very nice way: "What is it about Home you cannot understand?"
Home is meant for home and Pro/Business (they call it different things in different places). One day it will come back to bite you if you go with Home anything.
If you want the ability to make movies and play games and make DVD movies, then get Home Premium. If you want to work in a business environment, then get Busines/Pro or Ultimate. They also integrate better with fax or scanning although I haven't looked at that yet.
Suppose you are like me (not Alice) and use your PC in a business environment, but then take it home and want to watch/burn DVDs and play City of Heroes or Galactic Civilizations?
Wayne New York, NY Hey, look! A Bandwagon! Let's jump on!
We don't have a domain server, but it is possible that we should. Alice doesn't do alot of multimedia, but then she doesn't really know the possibilities either. She didn't used to use Google---till I told her about it and showed her. Now she also uses Wikipedia sometimes. So she MIGHT end up wanting to do something multimedia-like. But if I were to ask her right now, she'd just say no.
Are you saying the Win7 Pro won't let you easily watch a DVD? I mean, its a great way to pass the time of a train from NY to DC with a set of earphones.
Wayne New York, NY Hey, look! A Bandwagon! Let's jump on!
I don't believe you need the b - most everything is g/n - g being what we used to call the fastest and that now surpassed by n.....just to be confusing.
Sorry, some of my post above was meshed in with Vista. Blame Microsoft for that.
I forgot to put the link. No, all of the versions will let you burn a DVD. Home Premium won't allow XP Mode.
It's hard to answer the question if we don't know exactly what it's going to be used for. I was assuming a business environment. I think if I had to choose one that can do most things, I would choose Professional.
And, yes, 3GBs will be more than enough RAM to run WIN7. I would say the minimum is 2GBs and that would work rather well.
Well, its always hard to say what a pc is to be used for. Thats the problem w/ jack@$$ like microsoft who want to have u set your PERSONAL COMPUTER so that it can only function properly in one area. especially laptops. they move. And they have always known that people want to us a home pc to do work at home but then to be able to also do "home things" (dvds, etc)at home. Its not something new. I've read market research reports on this. A decade ago at least.
Wayne New York, NY Hey, look! A Bandwagon! Let's jump on!
It appears that the problems that plagued Vista Business are mostly gone from Windows 7 Professional. I know that I was unable to watch DVD's because I had Vista Business, so I got a bad taste in my mouth because they decided they needed to pull features from that version. It looks like they did better this time, giving you the option for DVD decoding/playing and the networking abilities needed on the Pro side. I would go with Pro if it will be used to connect with other work computers. If it is just for personal/school/internet/game use I would suggest Home Premium.
I would just look at the comparison chart and decide what things you wish to do. Going back and reading your original question, it doesn't sound as if you are going to use this laptop on your network anyway.
On the other hand, for $80 more, you have a full-fledged OS that is capable of running on a domain and probably even a network with more efficiency.
One thing to think about is that with Home Premium, you cannot run it in XP Mode, which could have advantages on a network.
Looks like I'll at least go w/ Pro. Any laptop I get would be used on the network. I could end up doing just about anything on one for my use. For Alice, she's less likely to do typical home version things (absolutely no game playing) but you don't want to get one where she absolutely CAN'T. Thats what bugged me about Vista and is what I'm afraid of. It's kind of like when the national speed limit was 55mph. That didn't mean you made cars so the brakes didn't work at greater speeds.
Wayne New York, NY Hey, look! A Bandwagon! Let's jump on!
I have a Dell sever running MS server 2003. I have thin clients in each treatment room. I also remote desktop into the server from 2 remote offices. This has worled well for 8 years now. 1.Can I run AC on the server and remote in like this? The front office gal and I remote desktop into the server and run the PM software(Sammy) Office Hours and Medinotes e. Medinotes e and Sammy have an interface that loads the demographics from Sammy and imports them into Medinotes e 2. Can I "import" demographic data into AC from my PM or Medinotes e? Looks like I will be able to get rid of Office Hours and replace with the schedule in AS!!
Yes, you can run AC on your server Windows Server 2003, SBS 2003, Windows Server 2008 and SBS 2008. Two people wouldn't be able to use it at the same time though. You could, of course, remote to another computer and use AC. I am not sure if this is your question.
1. Two people using the same user account (and logged onto the same server or machine) could not, however if two people use different user accounts (even when both logged onto Windows Server) when connecting vie Remote Desktop you can both run AC separately.
2. You can probably import the data. Give it a try and see what kind of results you get with some test patient (a.k.a. Tom Jones, Pete Townsend, or whomever you make up). I would try different export formats from AC and see what kind of results you get after importing.
