Re: Domain vs local logon

"Asher_N" <compguy666@xxxxxxxxxxx> wrote in message
news:Xns9745EBD85675Ccompguy666hotmailcom@xxxxxxxxxxxxxxxx
> You use a standard domain user account, and make that domain account a
> member of the local admin group.
>
> =?Utf-8?B?QW5keSBQ?= <AndyP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
> news:F14A415D-C372-439F-AE9E-20516AE2E849@xxxxxxxxxxxxx:
>
>> Thank you for your response. Let me extend it a little further. I have
>> some executives in a company I support that company policy dictates
>> should be administrators of their XP Pro notebooks. They also need
>> user domain accounts (no admin privileges in the Domain). Should I
>> create local accounts with admin level privileges on each notebook,
>> should I use Domain accounts or should I use both?
>>

What Asher says is correct. It may not be a good policy but if
you want them to be admins (24/7) of their machines make their
domain account a member of Admins on the XP machine.

Alternatively if they should use the privileges RARELY give
them a separate account and explain that they are to logon with
the NON-admin Domain account for working and the local
Admin account ONLY for admin.

This way, if they download a virus/trojon it will not automatically
be an admin.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


>> "Joe Richards [MVP]" wrote:
>>
>>> Because the system is trying to help you and sending the
>>> userid/password across the wire to auth you on the remote system with
>>> the other ID. This is just one reason why you shouldn't use the same
>>> password on your accounts.
>>>
>>> --
>>> Joe Richards Microsoft MVP Windows Server Directory Services
>>> www.joeware.net
>>>
>>>
>>> Andy P wrote:
>>> > Hello everyone,
>>> >
>>> > I have a local admin account on an XP Professional PC with the same
>>> > name and logon credentials as another admin account on a domain
>>> > controller. The XP PC has been joined to the domain. I typically
>>> > logon to the XP PC by entering my credentials once but I seem to be
>>> > able to access domain resources and run applications within the
>>> > domain without problem. Can anyone explain this as I believe the
>>> > two accounts should have different SIDs.
>>> >
>>> > Thank you in advance for your assistance
>>>
>>
>


.

Relevant Pages

  • RE: Deployment / Debugging Problem
    ... I always login as local admin on three different dev boxes and still have ... > logged out an back in with my normal domain account and everything works the ... >> partnership to be established. ... >> up, Activesynch establishes a partnership, and redeploy ...
    (microsoft.public.pocketpc.developer)
  • Re: setting incoming email
    ... I found an article that said you should change it through wss central admin ... backend but if I look at the app pool it is changed to the domain account I ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Domain vs local logon
    ... >>> user domain accounts (no admin privileges in the Domain). ... > domain account a member of Admins on the XP machine. ...
    (microsoft.public.windows.server.active_directory)
  • Re: local rights when logging into a domain
    ... for Office the domain account does not ... need to be a member of the local Administrators group. ... any admin, ... > without the user having admin rights. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Problem getting w2kPro to become part of domain
    ... > machine that is member of Workgroup and a WinXp machine that is member of ... > using a domain account. ... But on the W2kPro I have same user name as a local ...
    (microsoft.public.windows.server.networking)