Hey, I've got a bit of a tricky situation with some computers we have. We've got about 30 devices that are only used for one month every year. The rest of the time, they sit plugged in but powered off. Currently, they're not on our domain and just have a simple password for access. I'm uncomfortable with this setup and want to make it more secure and managed. Ideally, I'd add them to the domain and set up proper patching and security measures, which would cost around $7 per device each month. But since these computers are mostly idle, it feels like a waste of resources.
I've thought about creating a user account for them that would be disabled most of the year, but they still wouldn't receive updates until that one month. I'd love to hear thoughts about how to handle security and management for these rarely used machines. Any insights or alternatives?
5 Answers
If these computers are just meant for web access during the event, consider virtualizing them. You can host a virtual session that staff can connect to when needed, rather than relying on old hardware that might fail. This way, you can maintain better control without needing to constantly manage physical machines.
You might want to just keep them powered on and perform updates regularly, like quarterly maintenance. This way, you won’t kick off random problems when they need to be fired up. And a secure password is crucial, especially with those machines not being domain-joined. If they ever go online, they could be an easy target for breaches.
Yeah, that makes sense. I've been weighing some of those options. Thanks for confirming!
Totally agree. Users should get proper training on security as well.
One option you might consider is putting them on a separate domain. That way, you can control access better while still maintaining some managementability without them being fully integrated into your main system. Just remember, a lot of tools might remove or disable those computer objects after 90 or 180 days, which could cause some headaches later. An isolated network setup with a dedicated domain controller might work well: only allow them to communicate with necessary systems and shut them down when they're not in use. When it's time to turn them back on, give them a heads up to update in advance.
Thanks for the suggestion! That sounds really worth looking into.
Even if they're used infrequently, those PCs still need to meet compliance standards. Every device, regardless of usage, needs some level of security management. Regular updates and checks might save you headaches in the long term. Just because it's idle doesn't mean it should be unsecured.
I get that, and that's exactly what worries me. I just need to convince the higher-ups of the importance.
It’s definitely worth weighing the cost of licensing against the time it would take to manage those machines manually. If you can license month-to-month, that could work, but factor in how long it takes you versus just paying for the license. Sometimes, keeping things simple costs less in the long run.
Good points! I'll have to check how the monthly licensing works.
True, time is money! Don't forget about potential overtime if things go sideways.
Interesting idea! Virtualization might help streamline things if the old machines can handle it.