Good day!

I arrived at a small organization, specifically a mini-hotel.

Initial specifications:

There are 6 computers and around 10 regular users, with some computers being shared among multiple users. The operating system used across all computers is Windows.

They have one server that runs 1c software and file management on Windows Server.

Additionally, they have a pair of multifunction printers and a pair of regular printers.

Given this context, I have a few questions based on my experience that I am curious about:

1. Is it worth implementing a domain? Currently, each computer has a single user without a password. What are the pros and cons of setting up a domain in this particular case?

2. What is the most efficient way to organize file storage? Presently, people create files locally and only occasionally transfer them to the server when necessary. How can this process be improved? Should local desktop folders be cleaned up?

3. The antivirus licenses for all PCs will expire at the end of the year. I plan to order new ones, but the issue is that the server does not handle internet distribution. Can I install the necessary antivirus software on the server to secure the entire network?

Apart from these questions, do you have any other recommendations for effectively organizing such a network?

In my opinion, it is indeed worth considering, especially if users need to log in from different computers. Having movable profiles can also be beneficial. It is crucial to enforce passwords and ensure that there is at least versioning (edit history) available for documents.

If there are no immediate plans for implementing a document management system and you prefer not to move profiles, I suggest that the network folder(s) should be located under the enterprise's documents (while personal files can still be stored locally). Regular backups should be performed, and there should be a reliable procedure in place to restore the server in case of hardware failures like a faulty hard drive or motherboard. If users are experiencing slow network speeds, you can explore the option of folder and file synchronization.

Implementing antivirus checks, as well as accounting and blocking of all network traffic and files solely through the server, is technically possible. However, it's important to note that the probability of workstations getting infected will be higher compared to having antivirus software installed locally. This is because the server won't be able to scan external sources such as flash drives or detect packaged viruses.

In my opinion, antivirus solutions for small businesses, especially for mini-hotels that handle personal data subject to various laws and regulations, can be quite expensive. Many places find it challenging to manually collect and process data on paper, as required by these laws and may benefit from automated systems.

One option worth considering is Microsoft's solution, Windows Small Business Server, which already has all the necessary features for setting up a small local network:

- It provides file storage capabilities.
- User access can be easily configured and controlled, including access to the internet, files, and computers.
- Antivirus protection is included.
- Automatic updates are available.
- Backup functionality is provided.
- A mail server is included.
- It also offers a web server for both internal and external organization websites.

Having these features integrated into one solution can simplify the process of setting up and managing a small local network. It allows for efficient organization and ensures that essential functions, such as file sharing, user access control, and data protection, are readily available.

For internet distribution, it is advisable to install a router.
To efficiently manage updates across the network, consider running WSUS on the server and distributing updates from there. It's important to note that relying solely on antivirus software will not fully secure the network; a comprehensive and well-designed setup is essential.

Additionally, make sure to disable any unnecessary services to minimize potential vulnerabilities.
If needed, you can set up OpenVPN for secure connections to the server. Remember to establish strong and complex passwords for enhanced security measures.

I would provide the following detailed recommendations for effectively organizing the network in your small mini-hotel organization:

1. Implementing a Domain:
  Pros:
  - Centralized User and Computer Management: A domain allows you to create user accounts, set password policies, and manage permissions centrally, improving security and user experience. This includes features like group policies, user profile management, and access controls.
  - Roaming User Profiles: Users can access their personalized desktop settings, applications, and files from any computer on the domain. This ensures a consistent user experience regardless of the device they use.
  - Simplified Software Installation and Updates: Applications can be deployed and updated across the domain using Group Policy or other centralized software deployment tools, reducing the maintenance burden on the IT team.
  - Improved Resource Sharing: Network resources, such as printers, shared folders, and network drives, can be easily managed and accessed through the domain, streamlining collaboration and file sharing.
  - Enhanced Security: The domain environment provides additional security features, such as password complexity requirements, account lockout policies, and the ability to audit user activities.

  Cons:
  - Initial Setup and Configuration Complexity: Implementing a domain requires more advanced IT skills and planning to set up properly, including configuring the domain controller, creating user accounts, and establishing the appropriate group policies.
  - Hardware and Software Requirements: You'll need a dedicated server running Windows Server to host the domain controller, which adds to the hardware and licensing costs for the organization.
  - Training for Users: Users may need to adjust to the new domain-based login process, which can take time and require some level of user training and documentation.
  - Ongoing Maintenance: The domain controller and associated services require regular monitoring, updates, and backups to maintain the integrity of the network.

  In your case, with 6 computers and 10 regular users, a domain would be a worthwhile investment to improve security, user experience, and IT management. The benefits typically outweigh the initial setup efforts for a small organization like yours, and the centralized control provided by the domain can lead to significant efficiency gains in the long run.

2. Organizing File Storage:
  - Centralize File Storage on the Server: Encourage users to store their files on the server's shared folders instead of locally. This ensures data backup, version control, and easier sharing and collaboration among team members.
  - Implement User-specific Folders: Create a folder structure on the server with individual user folders, as well as shared team or department folders, to keep files organized and accessible to the appropriate users.
  - Utilize Folder Redirection: Configure the user's desktop, documents, and other folders to automatically redirect to the server-based locations. This ensures files are saved to the central storage by default, reducing the risk of data being stored locally.
  - Clean up Local Desktops: Instruct users to minimize the use of local desktop folders and instead use the server-based storage for their day-to-day work. This helps maintain a clean and organized user environment.
  - Implement a File Backup Strategy: Schedule regular backups of the server's shared folders to an external hard drive or cloud storage to protect against data loss. Consider using a backup solution that offers features like versioning, retention policies, and remote/offsite backup capabilities.
  - Establish File Naming Conventions and Folder Structures: Develop and communicate clear guidelines for file naming, folder organization, and document versioning to ensure consistency and ease of access across the network.

3. Antivirus Software Deployment:
  - Install the antivirus software on the server: Since the server does not have direct internet access, you can install the antivirus software on the server and configure it to manage the client computers on the network.
  - Utilize the antivirus server-client architecture: The antivirus software should have a server-client deployment model, where the server component manages the client installations, policy updates, and threat detection/remediation.
  - Configure the client computers to communicate with the antivirus server: Ensure that the client computers are set up to regularly check for updates and receive instructions from the antivirus server.
  - Implement a centralized antivirus management console: Use the antivirus software's management console to monitor the network's security status, deploy updates, and manage any threats or incidents.

  This approach will allow you to centrally manage the antivirus protection for the entire network, even without direct internet access on the server.

Additional Recommendations:
- Implement a backup and disaster recovery plan: Regularly backup the server's data and configuration, and test the restore process to ensure business continuity.
- Consider upgrading the server hardware: Evaluate the server's performance and capacity to handle the growing needs of your organization. Upgrading the server may improve overall system reliability and responsiveness.