PC Review



Active Directory/HIPAA Question

 
 
adfreak
 
      4th Mar 2004
I have a potential client who is mulling whether or not to invest a ton of
cash in upgrading to W2K3/AD. They are a company in the Medical Care
industry who has one central location and up to 800 remote branch offices.
These branch offices have a mix of Win98/W2K Pro/XP desktops. There is a
project in place for upgrading everyone to XP. These users at the remote
offices simply utilize the PCs to access client/server apps back home at
the central location (i.e. SAP, Lotus Notes). They have no need for things
such as Office, Visio, etc... Along with the previously mentioned
applications are home grown, patient demographic applications they access.
Presently, these remote sites share usernames/passwords, some usernames do
not require passwords. It's very messy.

The client wants to know why they should go to AD when they can simply throw
up a Firewall to protect the servers which are hosting (SAP, Oracle, Notes,
patient application, etc) and simply let these remote pc's sit in a
workgroup????

My thoughts are MIIS for Single Sign on? And, what does this new ADAM (AD
Application Mode) do for companies? The most important thing for them is
HIPAA compliancy and they want to know how rolling out AD can make them more
secure? Exact examples?

Any insight would be appreciated.


 
 
 
 
 
Scott Harding - MS MVP
 
      4th Mar 2004
If you are helping them design this you should know the reasons for a domain
over a workgroup. This really scares me that a company this big doesn't have
the IT staff to support it. Especially when they are trying to be HIPAA
compliant! Security is one of the biggest reasons. Single sign-on is also one
but not nearly as important as the Security advantages. A domain creates
secure channels between the clients and the network where a workgroup
doesn't. You can require password changes and group policy to lock
everything down. Simply adding a firewall and letting your users decide how
and when to change their passwords and managing any of that with a workgroup
is just impossible. ESPECIALLY if you have 800 remote offices. Sounds like
you need a local security consultant to help out. There are more reasons
than quoted here and this really isn't the place to get into this sort of
discussion. More guys will probably chime in and give their thoughts but
getting some qualified and certified people on this decision is really what
is needed so they can know and understand a lot more than you can tell us
here and make the proper recommendations.

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server


"adfreak" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I have a potential client who is mulling whether or not to invest a ton of
> cash in upgrading to W2K3/AD. They are a company in the Medical Care
> industry who has one central location and up to 800 remote branch offices.
> Theses branch offices have a mix of Win98/W2K Pro/XP desktops. There is a
> project in place for upgrading everyone to XP. These users at the remote
> offices simply utilize the pc's to access client/server apps back home at
> the central location (i.e. SAP, Lotus Notes). They have no need for

things
> such as Office, Visio, etc... Along with the previously mentioned
> applications are home grown, patient demographic applications they acess.
> Presently, these remote sites share usernames/passwords, some usernames do
> not require passwords. It's very messy.
>
> The client wants to know why they should go to AD when they can simply

throw
> up a Firewall to protect the servers which are hosting (SAP, Oracle,

Notes,
> patient application, etc) and simply let these remote pc's sit in a
> workgroup????
>
> My thoughts are MIIS for Single Sign on? And, what is this new ADAM (AD
> Applicaton Mode) do for companies? The most important thing for them is
> HIPPA compliancy and they want to know how rolling out AD can make them

more
> secure? Exact examples?
>
> Any insight would be appreciated.
>
>



 
Reply With Quote
 
adfreak
 
      4th Mar 2004
First things first. I've been in the industry 10 years strictly doing
Microsoft work. I'm an MCSE on all three platforms (NT, W2K and Windows
2003) and am very familiar with the differences between a domain and
workgroup. I guess you didn't read my statement closely enough. The client
is saying that since every one of those 800 + remote sites does not require
security principals accessing resources in the domain, then why bother
putting them in the domain? They won't need to push out group
policies, etc...

They're more concerned with the servers in the central site hosting the data
for their medical applications (which require application
usernames/passwords). They want to know why they should fork up $500K+ to
roll out AD when their top priority this year is securing the applications
for HIPAA compliancy. I simply wrote asking if MIIS and/or ADAM (both newly
introduced recently) could help them out?

Why isn't this the place to get "into this kind of discussion"?? I thought
this was a newsgroup where fellow engineers learn off one another, not blast
each other...
 
Scott Harding - MS MVP
 
      4th Mar 2004
Ok, I misunderstood your post a little AND I was not blasting you at all.
Your post read as if you didn't know the difference between a workgroup and
a domain. So for that I am sorry, and why I sounded like I was blasting your
knowledge. If these remote sites log in with some secure VPN or something to
that effect that should be fine. I was under the impression that these remote
sites were already on the domain. If they have some sort of authentication
to the main site to get into whatever apps they need etc. then the remote
sites may not need to be part of a domain. And the reason for this being a
little inappropriate for this type of discussion is that there is always
more that we need to know and no one wants to write a book to answer
questions and there is typically so much we would need to know to be useful
that a lot of times we may not have the big picture to answer appropriately.
Certainly not saying that we won't try to help. That's what MVPs
do.....help out for free. Let's see what we can find for your specific
questions below...

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
 
Scott Harding - MS MVP
 
      4th Mar 2004
Here's some more info...

http://www.microsoft.com/windowsserv...view/adam.mspx

download.....

http://www.microsoft.com/downloads/d...displaylang=en

MIIS info...

http://www.microsoft.com/windowsserv...s/default.mspx
--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
 
adfreak
 
      4th Mar 2004
Thanks, and I too apologize if I sounded harsh in my response.

It's just that my back is against the wall in trying to do presales work in
scoring this big time engagement. From what I've heard, we're the leading
candidate. He (the VP) basically needs justification from me that deploying
AD will make his company more secure when they go through an upcoming HIPAA
audit. He then needs to go to the CIO to relay that to him in the hope that
he gets a thumbs up and funding.
 
adfreak
 
      4th Mar 2004
Thanks.

I'm probably correct in my assumption that ADAM will not support home grown
applications?

Appreciate your help
 
Scott Harding - MS MVP
 
      4th Mar 2004
Hard to say for sure. Unfortunately that is one that you will have to test
to be sure. Typically if your app is using standard MS APIs and such it
should work but you and I both know that sometimes programmers do strange
things and as MS tries to lock down the systems more and more sometimes apps
break.....

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
> > > remote
> > > > > offices simply utilize the pc's to access client/server apps back

> home
> > > at
> > > > > the central location (i.e. SAP, Lotus Notes). They have no need

for
> > > > things
> > > > > such as Office, Visio, etc... Along with the previously mentioned
> > > > > applications are home grown, patient demographic applications they
> > > acess.
> > > > > Presently, these remote sites share usernames/passwords, some

> > usernames
> > > do
> > > > > not require passwords. It's very messy.
> > > > >
> > > > > The client wants to know why they should go to AD when they can

> simply
> > > > throw
> > > > > up a Firewall to protect the servers which are hosting (SAP,

Oracle,
> > > > Notes,
> > > > > patient application, etc) and simply let these remote pc's sit in

a
> > > > > workgroup????
> > > > >
> > > > > My thoughts are MIIS for Single Sign on? And, what is this new

ADAM
> > (AD
> > > > > Applicaton Mode) do for companies? The most important thing for

> them
> > is
> > > > > HIPPA compliancy and they want to know how rolling out AD can make

> > them
> > > > more
> > > > > secure? Exact examples?
> > > > >
> > > > > Any insight would be appreciated.
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >

> >
> >

>
>



 
 
Scott Harding - MS MVP
Guest
Posts: n/a
 
      4th Mar 2004
Another thought I have is to maybe start at your main site with domain
upgrades etc...so you can lock down all those systems and such and then test
with your clients and see how it works. Basically what I am saying is that
maybe it is a stepping process where you don't necessarily include or
upgrade your remote sites to a domain or into your domain as you test and
see how things work and how secure they are. I don't think there is going to
be a blanket, one answer for all, for this situation. I'm sure some of the
other guys will chime in with some thoughts? Fellas?

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
 
Scott Harding - MS MVP
Guest
Posts: n/a
 
      4th Mar 2004
Is your current domain NT4?

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
 
 
 