Nearly everyone reading this article is familiar with Microsoft Windows, the ubiquitous operating system that likely powers your computers at home and at the office. Hopefully some of you reading this article are aware that Microsoft will be ending support for Windows 7 and Server 2008 in January of 2020, necessitating an upgrade of both of those venerable operating systems to continue receiving critical security updates. What many readers are likely unaware of, is that Windows comes in a variety of editions, and depending upon what the use case is, selecting the correct edition of Windows 10 for home or office use is extremely important.
For more intents and purposes, Windows 10 effectively comes in two flavors: Home and Professional. Home is for what it sounds like it’s for—home use. Windows 10 Professional, then, is for business use. Although they are the same operating system, applying a Professional license key to a copy of Windows 10 unlocks a variety of features that are important to an enterprise. The most important of these features is the ability to join the machine to a domain.
As a Managed Services Provider, we have the responsibility to manage a variety of IT environments—from the small ten-person SMB all the way up to large corporate enterprises. One thing that all of these environments share from a best-practices perspective is that the workstations and servers inside them are joined to a domain. An Active Directory Domain is a collection of objects inside of a network. An object can be a single user, a group of users or computers, or a hardware component like a printer. There are a number of benefits of having machines inside of a network joined to a domain, but chief among them is security.
Best practices for information security in a business environment are based around the idea of “least privileged,” e.g. a user only has access to the permissions and data needed to perform their job function—nothing more, nothing less. A domain is the best means of ensuring that this is configured.
Users themselves are forced to authenticate against the domain to login to their workstations, computers inside the network can be moved into specific security groups within the domain to enable or disable specific features. User accounts themselves can also be members of security groups, which can be given permissions to specific files or folders—you’re probably getting the picture here. A domain environment allows an IT department or provider to centrally manage the security of a business environment.
If these terms or concepts seem foreign to you or to your place of business, consider some of the pain points that you have with your IT environment on a regular basis. Is it difficult to share files between workstations, do you find yourself constantly emailing them back and forth to one another because they’re not stored anywhere central? Do you run into issues anytime someone new is added to the company, be it setting them up on the office printer or allowing them access to the weird shared directory of files that are setup someplace that no one seems able to find? Do the terrible passwords hidden underneath keyboards at everyone’s desk keep you up at night, wondering who might have unauthorized access to sensitive data, like payroll?
A domain is not a security panacea, but the creation and maintenance of one does represent one of the security features only available to workstations running Windows 10 Professional, and one of the biggest barriers that IT providers constantly run into when it comes to helping their clients scale.
If you feel like you’re hitting your head on the ceiling when it comes to your technology, like things should be far more seamless than they are, or that you and your team have to be far more hands on with their technology than with their business; it’s time to investigate taking your business to the next level. Oftentimes that process will start with an upgrade to Windows 10 Professional, and the creation of an Active Directory Domain.
Mythos Technology is an IT consulting and management firm that provides Managed Technology Services including hosted cloud solutions. For more information, please visit www.mythostech.com or call (951) 813-2672.