Waisman Computing Services

FAQ 2037Waisman Domain

What is a domain and why should my PC be a member of the Waisman domain?
A Windows domain is a group of computers that share common security policies and centralized authorization credentials (usernames, passwords and groups). The servers in a domain can validate users for access to resources (such as file, print and web services) provided by the servers in the domain.
Nearly all PC's on the Waisman network participate as members in a domain named Waisman. This means our servers provide central authentication and grant permission to use files, printers and web pages (resources) rather than the having to create users and groups locally on every individual PC. The protected resources (files or printers) can be located on a server or an individual PC that's a member of the Waisman domain. For example, you can share a folder on your PC's hard drive to a group of users you select from those that already have accounts (a username and password) on the Waisman domain. That way. they can use the same username and password to access the folder you've provided that they use to logon to their own PC or email.
Advantages of Domain membership include:
To obtain automatic security updates. If a security exploit occurs (a virus or worm emerging) we can apply a patch to prevent it from affecting your computer and risking other computers on the network.

To have necessary global settings or other changes "pushed" out to your computer (some at the request of Waisman Administration) that depend on a logon script. The alternative is to pay an hourly rate to have someone manually apply the changes to your computer.

Your computer is more secure. When a computer is in a domain, certain security settings change to make it harder for hackers to get in or map your hard drives.

The computer can be HIPAA compliant. HIPAA requires central authentication (along with other security policies) which does not occur on systems that are not domain members.

Disadvantages of Domain membership:
The XP feature known as "fast user switching" is disabled when a computer is a domain member. This is a Windows design constraint for security reasons.

XP computers cannot be a member of a Workgroup. Workgroups are a legacy feature of much earlier Windows systems and was made obsolete with Windows 2000. While workgroups can make finding other related computers easier, this is merely a cosmetic effect that is easily overcome.

In brief, when a computer is not a member of a domain, it's security is similar to XP Home Edition (which can't be a domain member). So essentially, by not using XP Professional in a domain, you've converted it into an insecure consumer toy that can never be HIPAA compliant.

Since domain membership implies a level of trust, the members of a domain must have trusted software prior to becoming a domain member. That means we can only add computers that have have been imaged (have a hard drive with XP Professional and applications pre-installed and configured with secure settings) as members of the Waisman domain.
© 2018 Waisman Computing Services   |   Contact us   |   Last modified: 2007-08-27
zoom Toggle print mode
Return to FAQ Index