A department of 15 engineers needs team-only access to shared data, with frequent staff changes and no single designated admin. Which Windows workgroup/domain model best fits this scenario?

Difficulty: Medium

A workgroup mode, with each engineer administering his or her own computer
A single domain mode, keeping all data on the domain controller
A master domain model, with each engineer trusting the master domain and storing data centrally
A complete trust mesh where each engineer’s computer mutually trusts all others
None of the above

Correct Answer: A workgroup mode, with each engineer administering his or her own computer

Explanation:

Introduction / Context:
Choosing between a workgroup and a domain hinges on administrative centralization, policy needs, and scale. In small teams with fluid membership and no appointed administrator, minimizing central dependencies while still controlling access to shared data can be practical.

Given Data / Assumptions:

Team size is small (about 15 engineers).
Frequent arrivals and departures make centralized account lifecycle management challenging.
Data must be accessible only to team members (not the entire organization).
No single administrator is identified to manage a domain infrastructure.

Concept / Approach:
A workgroup allows local control on each machine, ad-hoc file sharing, and NTFS permissions to restrict access to the team. While domains provide stronger centralized control (Group Policy, centralized authentication), they require domain controller management and clear administrative roles. For this scenario’s constraints, a workgroup satisfies the ‘‘no single admin’’ requirement while still enabling engineers to protect and share resources locally.

Step-by-Step Solution:

Create local accounts (or use shared credentials) limited to team members on the file host(s).Configure NTFS/share permissions so only those accounts access the team data.Delegate routine tasks to individual engineers for their own computers.Revoke departing members by removing their local accounts from the share host(s).

Verification / Alternative check:
Test access from a non-team machine/user; permissions should deny entry. Confirm that team members can read/write as required. Assess administrative overhead versus a small domain—if later growth occurs, migrating to a domain may be justified.

Why Other Options Are Wrong:

Single/master domain models centralize administration and require defined admins; not aligned with ‘‘no single administrator’’ constraint.
A complete trust mesh is complex and unnecessary; it does not inherently solve access control better than a simple workgroup for such a small team.

Common Pitfalls:
Using the same local password across many machines can be risky. Document procedures for onboarding/offboarding to keep permissions current.

Final Answer:
A workgroup mode, with each engineer administering his or her own computer

Discussion & Comments

No comments yet. Be the first to comment!

A department of 15 engineers needs team-only access to shared data, with frequent staff changes and no single designated admin. Which Windows workgroup/domain model best fits this scenario?

More Questions from Windows NT

Discussion & Comments