domain controller in the cloud for small office?
-
Does anyone have any small offices where you're running a domain controller in the cloud? I have a small office of 8 computers that is separating from the main network as the company splits. They have HIPAA concerns, so I would like to be able to centrally manage passwords (and their expiration) and stuff like that. I don't think it makes sense to put a physical server onsite for that.
Any recommendations?
-
That small of an office,. do you really need a DC - you should still be able to have HIPAA security without it.
-
@gjacobse said in domain controller in the cloud for small office?:
HIPAA security without it.
How do you create a password change policy that gets enforced without a domain controller?
-
NTG did this until we decided AD wasn't useful.
-
If they feel they must have the functionality available, why not use Azure Domain Services https://azure.microsoft.com/en-us/services/active-directory-ds/ (Or whatever it happens to be called at the moment, I can't keep track.)
-
@mike-davis said in domain controller in the cloud for small office?:
@gjacobse said in domain controller in the cloud for small office?:
HIPAA security without it.
How do you create a password change policy that gets enforced without a domain controller?
GPO, Salt, JumpCloud, AzureAD, etc.
You are below even Microsoft's long stated minimum use case threshold.
-
You can do such a thing through VPN tunnels, I have one massive Domain Controller and through VPN i provide those group policies to them. Allowing small business to get the benefit without having the expense. Also what concerns are they having about HIPPA ? Encryption can be done on each station and if you are providing a network share, I believe Ike V2 is HIPPA compliant and encrypting the server also provides that compliance.
-
@travisdh1 said in domain controller in the cloud for small office?:
If they feel they must have the functionality available, why not use Azure Domain Services https://azure.microsoft.com/en-us/services/active-directory-ds/ (Or whatever it happens to be called at the moment, I can't keep track.)
That looks like what I'm looking for, but it looks like $111.60/month. Seems like I could spin up a vultr windows server for $27/month.
-
@scottalanmiller said in domain controller in the cloud for small office?:
@mike-davis said in domain controller in the cloud for small office?:
@gjacobse said in domain controller in the cloud for small office?:
HIPAA security without it.
How do you create a password change policy that gets enforced without a domain controller?
GPO, Salt, JumpCloud, AzureAD, etc.
You are below even Microsoft's long stated minimum use case threshold.
I can see the 'issue' with GPO.. you have to update the GPO per machine (Right?) whereas using a DC, you set the GPO once...
I do think that with eight PCs,.. maybe look at the other options..
-
In line with this topic does SAMBA have some kind of tie in with GPO, where you can create / edit / delete GPO's from within SAMBA?
-
@gjacobse said in domain controller in the cloud for small office?:
I can see the 'issue' with GPO.. you have to update the GPO per machine (Right?) whereas using a DC, you set the GPO once...
I do think that with eight PCs,.. maybe look at the other options..Wouldn't that mean logging on to each machine and creating a local policy to force them to change passwords and then the user would have to do the same thing on the share from the computer acting as the server.
-
@gjacobse said in domain controller in the cloud for small office?:
I can see the 'issue' with GPO.. you have to update the GPO per machine (Right?) whereas using a DC, you set the GPO once...
yes.
-
@gjacobse said in domain controller in the cloud for small office?:
@scottalanmiller said in domain controller in the cloud for small office?:
@mike-davis said in domain controller in the cloud for small office?:
@gjacobse said in domain controller in the cloud for small office?:
HIPAA security without it.
How do you create a password change policy that gets enforced without a domain controller?
GPO, Salt, JumpCloud, AzureAD, etc.
You are below even Microsoft's long stated minimum use case threshold.
I can see the 'issue' with GPO.. you have to update the GPO per machine (Right?) whereas using a DC, you set the GPO once...
I do think that with eight PCs,.. maybe look at the other options..
DC has to do it per machine, just the same.
-
@dustinb3403 said in domain controller in the cloud for small office?:
In line with this topic does SAMBA have some kind of tie in with GPO, where you can create / edit / delete GPO's from within SAMBA?
Tie in? Samba does GPO exactly like any other AD does.
-
@mike-davis said in domain controller in the cloud for small office?:
@gjacobse said in domain controller in the cloud for small office?:
I can see the 'issue' with GPO.. you have to update the GPO per machine (Right?) whereas using a DC, you set the GPO once...
I do think that with eight PCs,.. maybe look at the other options..Wouldn't that mean logging on to each machine and creating a local policy to force them to change passwords and then the user would have to do the same thing on the share from the computer acting as the server.
That's how AD does it, if AD's system isn't enough, then AD isn't the answer.
-
@mike-davis said in domain controller in the cloud for small office?:
@gjacobse said in domain controller in the cloud for small office?:
I can see the 'issue' with GPO.. you have to update the GPO per machine (Right?) whereas using a DC, you set the GPO once...
yes.
No, DC is just handling the centralization for you. You can do this with a script, with Jump, with Salt, etc.
-
@scottalanmiller said in domain controller in the cloud for small office?:
@dustinb3403 said in domain controller in the cloud for small office?:
In line with this topic does SAMBA have some kind of tie in with GPO, where you can create / edit / delete GPO's from within SAMBA?
Tie in? Samba does GPO exactly like any other AD does.
So there is a Group Policy Editor that operates on CentOS or something? (no windows involved)
-
@dustinb3403 said in domain controller in the cloud for small office?:
@scottalanmiller said in domain controller in the cloud for small office?:
@dustinb3403 said in domain controller in the cloud for small office?:
In line with this topic does SAMBA have some kind of tie in with GPO, where you can create / edit / delete GPO's from within SAMBA?
Tie in? Samba does GPO exactly like any other AD does.
So there is a Group Policy Editor that operates on CentOS or something? (no windows involved)
Nothing I said should lead you to ask that question. I think you are not clear on what GPO is.
-
GPO is handled identically on Samba as it is on MS AD. That alone should answer all questions. Any editor that works with MS AD with work with Samba, no editor can tell the difference, as they are identical.
-
@dustinb3403 said in domain controller in the cloud for small office?:
@scottalanmiller said in domain controller in the cloud for small office?:
@dustinb3403 said in domain controller in the cloud for small office?:
In line with this topic does SAMBA have some kind of tie in with GPO, where you can create / edit / delete GPO's from within SAMBA?
Tie in? Samba does GPO exactly like any other AD does.
So there is a Group Policy Editor that operates on CentOS or something? (no windows involved)
Why would you want this? He has Windows machines to manage, so why avoid the Windows desktop tools in a scenario that only works when you have Windows desktops?
