GPO processing can significantly slow down log-on times across slow links - so 
it depends on what you configure for slow-link detection and how many GPOs you 
have.

I'd look at 50 or 100 as the minimum number of machines to justify a DC. 
Remember - a compromised DC means your entire (Windows) infrastructure is 
compromised, so I would not consider this for small branch offices (unless you 
are looking at RODC or have good physical security). However, the minimum number 
of workstations would be dependent on the type of network links you have.

Cheers
Ken

> -----Original Message-----
> From: Charlie Kaiser [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 2 July 2008 11:53 PM
> To: NT System Admin Issues
> Subject: RE: Remote Location AD Question
>
> Your lockdown will be MUCH easier making them domain members and using
> GP for the lockdown. If you need to change one feature of the lockdown,
> it will have been worth it to use GPs, especially if you can't change
> something on the desktop because of the lockdown. LOL.
> The domain auth traffic won't be excessive. If everything else is RDP,
> you should be fine. If you're running OL on the desktops you'll add to
> your traffic, both data and auth, but if everything is RDP, it should be
> a breeze. I've done similar with over 50 workstations using fractional
> T1s with no problems...
>
> **********************
> Charlie Kaiser
> W2K3 MCSA/MCSE/Security
> **********************
>
>
> > -----Original Message-----
> > From: N Parr [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, July 02, 2008 6:23 AM
> > To: NT System Admin Issues
> > Subject: Remote Location AD Question
> >
> > How many member workstations would you put at a remote location connected with a Site to
> > Site VPN over a T-1 without a local DC?  Only other traffic on the line will be an IP phone,
> > random print jobs and RDP sessions from remote workstations.  What I'm thinking is since
> > these remote workstations will run everything over their RDP sessions I shouldn't even
> > bother making them domain members.  Just lock them down and only allow them access to
> > RDP.
> > Thanks
> > Niles
> >
> >
>
>
> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
> ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~
