October 2014 IT Business Consulting Newsletter

Consider a Server to Manage Your Environment

By Tom K

A number of my recent newsletters have discussed managing and protecting your computers, your users, and your digital resources. The articles invariably note that management tasks are greatly simplified and security is greatly enhanced in a Server-based network.

If you have more than 10 PCs in your environment, a small Server will pay for itself in reduced management costs and improved security. Even if you only have a few PCs, a small Server is well worth the investment.

In this month’s newsletter, I highlight management tasks that are simplified and security elements that are enhanced through the use of a Server with Active Directory, and discuss the positive return on this investment.

Server Centric Management

A Server with Active Directory functions as a centralized command center to control most of your computing assets from one place. Without this tool, you have to manage all of your assets individually from each PC, OR (cringe) expect your users to manage their user accounts, PCs, and security policies themselves.

While your Property Management System (PMS) may be in "the Cloud" so you don't need a server to drive your PMS, you still have PCs and Users and Data and Security Requirements, which all consume management resources. Let's take a look at the major elements that you can control and the advantages of a Server Centric Management environment.


Central management of all your company PCs is one of the most valuable advantages of a Server.

In a Server environment you can utilize centralized Anti-Virus (AV), which allows you to see the status of all your PCs at a glance, automatically install or update the AV software on your PCs, set up global AV config's to be applied to all PCs, get email alerts whenever any PC experiences any viral activity, and remediate any AV issues... all from one console. As a bonus, corporate AV licenses tend to be less expensive than consumer licenses. See "Protect Your Company from Viruses and Malware with Enterprise Anti Virus Systems" for more information.

Microsoft Updates can be centrally managed in a Server environment, similar to AV. This free tool (WSUS) allows you to see the update status of all your PCs, manage the complete update process, and remediate any errors from one console. See "Centrally Manage Microsoft Updates Across Your Enterprise" for more information.

PC configuration and security settings can also be centrally managed. In a Server environment you can edit a PC configuration/security setting in Group Policy and it gets applied to every PC. Need to tweak a setting on all of your PCs? With Group Policy, you make the edit once on the Server and it is pushed to all your PCs. Without a Server, you have to go into the local policy editor or the Control Panel of every PC to make the change. See "Use Group Policy to Centrally Tune YOUR Business Computing Environment" for more information.

Without these central management tools, you need to configure, manage, and monitor each PC individually, and your users can change the configs you've worked so hard to manually set up on each individual PC.

If your company processes credit cards, AV, Updates, and many PC security settings are required for PCI compliance. To ensure compliance, you'd need to revisit each PC regularly to ensure that these processes are working properly, and that users haven't altered any config's on any PCs. See "Take Credit Cards?? PCI DSS Challenges" for more information.

In a Server environment, you can monitor all this with a quick glance at a couple of consoles, and manage/remediate with ease from one desk. Equally important, the users can't change your config's or disable any processes.


In a non-Server environment, user accounts are set up on each individual PC. You have no means to centrally manage rules pertaining to your users' account credentials or their permissions to resources and data on devices other than their PC. If you want to set up controls on user account settings and provide access to data on other PCs, this needs to be done on each individual PC.

This is especially important if your company touches credit cards, as PCI requires that specific rules relating to user account policies be applied to each user.

In a Server environment, user account creation, modification, and policies pertaining to the user account are all centrally managed. Set up a user once, and their account parameters follow them on any PC in the company. Change a global parameter (i.e. a PCI required security setting) and it automatically applies to all your users. The Server environment also makes it very easy to grant or change a user's access to resources... all from one console!


In a non-Server environment, company data is often spread across all of the company's PCs. Some of the company data may be stored on "the main PC", but Betty's docs live on Betty's PC and Dave's docs live on Dave's PC, as do the company docs that they've each created.

Sharing the docs stored on Betty's and Dave's PCs is cumbersome, as the shares have to be set up on each PC, as do the sharing permissions for each directory and for each coworker that is to be given access. Because of this, permission settings for shared docs on a PC tend to be either "everyone in the company gets full control to everything", or "no one gets access to anything".

Files stored on PCs are usually at risk, as companies rarely go to the trouble of regularly backing up each individual PC. If Betty's PC's hard drive dies, all of the files stored on Betty's PC are gone. If Betty stored important company documents on her PC, this could be painful (and costly).

In a Server environment, all of the company and user files are stored in a logical file structure on the Server, so everything is easy to get to and easy to find. Permissions are easily applied to the file structure and to the users, as both are centrally managed. Permissions and access can be granted in a very granular fashion, so that any user can access the files they need, but can't see those files they shouldn't have access to. See "Simplify Data Organization and User Management" for more information.

Since all the company's data is in one place, it is very easy to back up... automatically and inexpensively. See "Backup the Company Jewels!" for more information.


In a Server environment, you install your network printers on the Server. Then, installing any printer on any PC is a very simple process (essentially 2 clicks). Need to update a printer driver? Update it on the Server and it is automatically pushed down to all of your PCs.

Return On Investment (ROI)

As you can see from the information above, the time necessary to manage PCs, Users, Data, and Printers can be greatly reduced using a Server with central management tools. Security is also enhanced through central management, as is the safety of your very important company data. Add to this the improvements in staff collaboration due to secure and easy shared data access, and you can visualize the financial and operational benefits.

But what is the cost?

I just purchased a nice Server with all licensing and 3 yr on-site support for a small company (10 PCs), purchased 3 yrs of Corporate Anti-Virus, and provided for 3 yrs of cloud based BU (1000 GB). The total for the hardware, software, licensing, and backup space was just under $3000. Adding a very conservative $1000 for setup and occasional maintenance, the 3 yr total cost of ownership for the complete package is about $4000.

So, if we amortize the cost of the Server package across 10 PCs for 3 yrs, the cost is $11/PC/mo. Reviewing all the advantages described above, it is easy to understand how we can realize a monthly management cost savings of $11 per PC, thus paying for the Server.

If you have 20 PCs, the break-even number is only $5.56 in mgmt cost savings per PC per month.

$4000 (Server & SW & licensing & setup) / 10 PCs / 3 yrs = $133/PC/yr /12 months = $11/PC/mo
$4000 (Server & SW & licensing & setup) / 20 PCs / 3 yrs = $66.7/PC/yr /12 months = $5.56/PC/mo

Note that it is not unusual to get 5 years service out of a quality server, so these numbers can be further reduced:

$4000 (Server & SW & licensing & setup) / 10 PCs / 5 yrs = $80/PC/yr /12 months = $6.67/PC/mo
$4000 (Server & SW & licensing & setup) / 20 PCs / 5 yrs = $40/PC/yr /12 months = $3.33/PC/mo

While there are many additional benefits available when you have a Server in your environment, I firmly believe that the advantages presented above, along with the ROI, provide a very positive case for adding a Server and Active Directory to any PC centric environment.

If you have any questions about any of the info in this article, or if there is anything I can do to help you reduce your management headaches, improve your operations, and enhance your security position by using Server Centric Management, please don’t hesitate to contact me at TomK@TomKConsulting.com, or via my cell 443.310.5110.

Next month I’ll discuss backing up your data if you still don't have a server, or while you're waiting for your new "pays for itself" Server to arrive.