Re: Logging in to a domain versus using domain "resources"

DWalker <none@xxxxxxxx> wrote:
I have what ought to be a simple question about domains.

I'm a programmer, but not a network expert by any means.

At our company, all 7 of our users have local logons (on their
Windows 2000 and Windows XP computers) that use their names, not
"Administrator", and those user names are also set up in the server's
Active Directory with the same passwords that the users use as their
local login passwords.

This defeats one of the primary purposes of using Active
Directory....centralized account management.

Most users "log in" to their local computers, and some might log in
to the domain. Question: What is the difference, effectively,
between logging in to the domain, and logging in to the local
computer and still using domain resources like shared folders?

Right now, you're treating your domain like a workgroup. Your users
credentials happen to match the credentials on the server - this lets them
access whatever the domain accounts are granted permission to access. This
works, but isn't ideal. Your users can't change their own passwords, even.

We don't have any roaming profiles, there are no printers or other
"resources" set up in Active Directory (there is only one shared
printer, company-wide),

Then why do you have AD?

there are no group policies,

Yes there are ...you just aren't customizing any of them.

and everything
is very simple here. There is a one-to-one correspondence between
computers and users.
Since the users can all use the shared printer, and the shared
folders, without re-entering their username and password, is there
any real difference between logging in locally and logging in to the
domain?

Group policies (including folder redirection), login scripts, centralized
account management (a single user ID and password, which the users
themselves would be able to change), for starters.

Thanks for any help you can give me in understanding this.

It would be far better to log into the domain and use that account alone -
disable / delete the local accounts. You can copy the local accounts to the
domain accounts once they've logged in to the domain once on their
workstations; do this by logging in as an administrator & going to control
panel | system | Settings (profile) | copy to....


David Walker



.

Relevant Pages

  • RE: Crossover Cable Problem
    ... >> Make sure the accounts on both machines have passwords assigned to ... The computers do not need to be in the same Workgroup to share ... "Internet Worm Protection" enabled which is a type of firewall. ...
    (microsoft.public.windowsxp.network_web)
  • Re: shareing XP Pro folders in a workgroup problem
    ... You will need to create accounts with same names and passwords on each ... Make sure you keep the passwords in sync. ... Small Business Server 2003 - a reasonably priced version of Windows Server ... Unfortunate under "location" it only mentions the> local computer and if you try to change the location it does not see> any other locations of the other computers. ...
    (microsoft.public.windowsxp.security_admin)
  • Windows 2003 Pop3 problem
    ... The problem was that when I logged into the server and opened Outlook to ... these accounts are ones that pick up mail from this server etc, ... whether its a case of the passwords stored for the email accounts just get ... before I open Outlook when logging in. ...
    (microsoft.public.win2000.advanced_server)
  • Re: Error Messag IPSC$
    ... If these computers are running Windows XP Professional you need to have ... accounts with matching names (and passwords, if used) on each PC in the ... other computers in the workgroup must have an account named "John" to avoid ...
    (microsoft.public.win2000.networking)
  • Re: Active Directory Value Proposition
    ... Two or 3 computers? ... Central administration of accounts, permissions, and policy. ... What are the risks? ... > Would you recommend using Active Directory in a small-business setting? ...
    (microsoft.public.win2000.active_directory)