Domain or workgroup

SARA ALQADEERI 21 Reputation points
2021-04-27T21:35:53.843+00:00

In general, which is more secure to have a server (web server or application server ...etc) in workgroup or to have a server joined into AD domain? and what will happen if one server joined in the domain get hacked is it going to affect all the other servers in that domain?**

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
0 comments No comments
{count} votes

Accepted answer
  1. Anonymous
    2021-04-28T01:47:08.46+00:00

    Hello @SARA ALQADEERI ,

    Thank you for posting here.

    I think it depends on your requirements.

    Here is my suggestion for your reference.

    In general, which is more secure to have a server (web server or application server ...etc) in workgroup or to have a server joined into AD domain?
    A: If the web server or application server do not need domain function, you can put it/them in workgroup and do not connect to Internet.

    And what will happen if one server joined in the domain get hacked is it going to affect all the other servers in that domain?
    A: Probably not, unless the domain administrator's password is stolen, it may affect other machines in the domain.

    Here is a similar case for your reference.
    Should Windows Web Servers be members of an Active Directory Domain
    https://serverfault.com/questions/16773/should-windows-web-servers-be-members-of-an-active-directory-domain

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Hope the information above is helpful.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


1 additional answer

Sort by: Most helpful
  1. Anonymous
    2021-04-27T22:45:53.703+00:00

    If a public web service is being deployed probably isolating in a DMZ network would be recommended or better yet host it on Azure. There's really no advantage to having a public web server joined to domain.

    --please don't forget to Accept as answer if the reply is helpful--


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.