So you think you like the control!
In all company comes a time when network security has to be re eveluated for security reason, data protection compliance or simply for peace of mind. But such action can suddenly send costs spiraling, and leave the users with a feeling of being nannied by the IT manager. Here below is a brief look at the 2 most common approach.
Most home offices, and small companies rely on the Microsoft Workgroup system to share documents and other resources. Though this system is perfectly adequate in a personal environment, the lack of security features, the localised management of permissions and the freedom of the user can turn it into a nightmare for the IT team. The main principle behind Workgroup is to share with other users the files you have on your machine. This can be done by either making the folder "Public", letting anyone on the network see it without providing credentials, or sharing it with a selection of local users. Enabling the guest account is not a solution nor is creating a limited account, as there are many flaws and limitations that make these options unusable. Creating a roaming user account would be the best solution, but as the network grows, making sure that all changes are propagated troughout the office's machines would make it extremely time consuming, leading to expensive.
Active Directory is the opposite. All request are sent to the server, starting with the login. Once the credentials are verified, the user gets his usual desktop, access to his files and other resources regardless of which machine on the network he logs in from. This system is extremely scalable, but creating it from scratch can be an daunting task, with most of the cost sometimes being only for the planning. Though make no mistake, any money saved here will have to be spend later tenfold. From the central server, the admnistrator can send applications and configurations to any station/user that requires it, or just create different goups ie:accounting, management, administration... and give them access to their respective content.
In a small network where everyone has unique requirements, uses their own computers or are "genuinely" computer savvy, the Worgroup is definitely the easiest, most straight forward and prefered choice. But the word "small" is essential here, for as soon as it grows, someone has to be put in charge of its maintenance, permissions and limitations have to be put in place, and a single point of configuration is essential.