best praktices on the small soft site. Search for the phrase active directory palaning.

It all depends on the company and its management.
According to the mind, it is necessary not only to describe business processes, but also to develop new rules and policies.
All this must be coordinated with the authorities (but they may not be interested, then you should not even try).
It is possible to put various software by organizational measures. Including for the inventory and audit of installed programs (then check with the procurement documents for compliance).
That is, to push some additional job descriptions for users through the authorities (make backup copies, remove games and unnecessary software, close access to shared folders). For non-compliance, a fine.

If there is still no one to plan and schedule schedules, you can use the poke method.
1. Take some old system unit (but with a decent - both in size and speed - screw) and put on it, for example, Debian.
2. Copy from the user's machine to his share on the server with approximately the same name, close it and announce to everyone (including this user) that his files are now on this server share.
3. Repeat with other users until the personal ball is completely destroyed.
4. Find out if there is a need to restrict access to some data for some users. If it exists, this is already a reason to start a Windows server, AD, etc. If nothing of the kind has been revealed, it remains to configure the server backup (perhaps by simply taking another old system manager ...).

The first step is to set up the network. If there is no DHCP, it can cause problems with network loops and other things.
It is necessary to centralize all shared folders. Since most likely there is no backup. And all sorts of ransomware viruses will simply bring down all the work.
See what equipment they have. Perhaps it should be updated.
Look at what ports are forwarded to the network. Because there are vulnerabilities.
Check your antivirus protection.