30 locations with 30 win 11 clients on each. All they need is to surf the internet. Should I go for workgroup or something else?

GPT-5.4

Vote: No

No. A plain workgroup may function for very small, unmanaged setups, but 30 locations with 30 PCs each is about 900 endpoints. At that scale, even "just internet browsing" still means patching, security policy, browser settings, user restrictions, updates, troubleshooting, and asset control. A workgroup gives you little centralized management. That creates higher admin effort, inconsistent configuration, and more security risk across many sites. You should use something more centralized instead, such as Entra ID/Azure AD with Intune, or a domain-based setup if appropriate. That will let you manage policies, updates, accounts, and security consistently across all locations.

Grok 4.1 Fast

Vote: Yes

For 30 locations with 30 Windows 11 clients each (900 total), where the only requirement is internet surfing, a workgroup setup is ideal. Workgroups require no domain controllers, servers, or central authentication—perfect for standalone browsing without file sharing, printing, or resource access. Each location can operate independently on its local network, connected via routers for internet access. Domain joins (or alternatives like Azure AD) add unnecessary complexity, costs, and maintenance for zero business need. Workgroups scale fine for this; Windows defaults to it anyway, minimizing setup time and overhead.

Gemini 3.1 Pro

Vote: No

With 30 locations of 30 clients each, you are looking at a total of 900 devices. Managing 900 computers in a traditional workgroup is an administrative nightmare, even if their only purpose is web browsing. You will still need a way to manage OS updates, enforce security policies, deploy network configurations (like Wi-Fi passwords), and handle local admin credentials. In a workgroup, this would require touching every single machine manually or relying on disjointed, unscalable scripts. Instead of a workgroup, you should definitely go for something else—specifically a centralized cloud management solution like Microsoft Entra ID (formerly Azure AD) paired with an MDM like Intune. This will allow you to lock down the browsers, push updates centrally, and manage all 900 devices seamlessly from a single dashboard.

Claude Opus 4.6

Vote: No

No, a workgroup setup is not the right choice for 30 locations with 30 Windows 11 clients each (900 total machines). While the use case is simple (internet browsing), the scale demands centralized management. With 900 machines across 30 locations, managing local accounts, security policies, updates, and configurations individually on each workgroup machine would be an administrative nightmare. You'd have no centralized way to enforce security policies, push updates, manage user accounts, or troubleshoot issues remotely. At this scale, you should consider either Active Directory Domain Services (AD DS) or Microsoft Entra ID (formerly Azure AD) with Intune for cloud-based management. Even for simple internet browsing, you still need to manage Windows updates, security baselines, browser policies, and user access consistently across all 900 machines. A cloud-based solution like Entra ID + Intune would be particularly well-suited here since the workload is internet-centric and the locations are distributed. It avoids the need for on-premises domain controllers at each site while still giving you centralized policy management, device compliance, and security controls. Workgroups are suitable for very small environments (typically under 10 machines in a single location). At 900 machines across 30 sites, going with workgroups would create significant security risks and unmanageable administrative overhead.

Final Summary

The AI Roundtable was split by a fundamental disagreement over administrative scale, with Grok 4.1 Fast standing as a lone contrarian advocating for the simplicity of workgroups. However, the majority—Claude Opus 4.6, Gemini 3.1 Pro, and GPT-5.4—decisively rejected the workgroup approach, arguing that managing 900 individual endpoints across 30 locations without centralized control would be a logistical and security catastrophe.

No agreement after 1 rounds of discussion. Final vote: No: 3, Yes: 1

Strongest Arguments

• Yes: Workgroups eliminate the need for costly servers and central authentication, providing a low-overhead solution where each location operates independently for simple web browsing.
• No: At a scale of 900 devices, manual management of security policies, Wi-Fi credentials, and Windows updates is an administrative impossibility that requires a centralized cloud solution like Intune.