How do you manage computers without Active Directory?

I need to setup between 5 - 10 computers to start with for a charity organization which can't offord to be running a dedicated server that maintains group policies for a growing number of staff. Is there a way I can manage policies of each computer without having to physically change the local security policies. The computers run a combination of Windows XP, Vista and 7.


I would weigh the initial cost of setting up 10 computers one time with minimal administrative work vs. the management of a domain. For example, two domain controllers would be advisable for redundancy/reliability's sake and their configuration can take a fair bit of time. This contributes to a greater financial cost and might contribute to a greater cost in man-hours. It also adds to the complexity of your network, which will more than likely make more work for you down the line without much tangible benefit.

On the other hand, working with 10 machines local policies is comparatively cut and dry. I doubt you will be micromanaging security policies in your day to day activities. Updates can be troublesome, but properly applied once you've tested them. AV/malware/intrustion utilities can also be annoying with some minimal administration.


Microsoft offer a special licensing program for charities, the discounts are quite big and for just running an AD you can use two old PC's with a couple of gigs of ram.

See for details


You might want to try TechSoup. If your organization qualifies you could probably get a copy of Window Server 2008 R2 for less than $100 dollars. I believe you'll get about 50 seat licenses with it as well. And as previously pointed out, you don't need heroic hardware to run Active Directory in your situation. You can even run other server roles without significant trouble.

If you are actually in a situation that requires Active Directory, you will find that every substitute falls far short.