Logging in to a domain versus using domain "resources"

Discussion in 'Server Networking' started by DWalker, Jul 24, 2007.

  1. DWalker

    DWalker Guest

    I have what ought to be a simple question about domains.

    I'm a programmer, but not a network expert by any means.

    At our company, all 7 of our users have local logons (on their Windows 2000
    and Windows XP computers) that use their names, not "Administrator", and
    those user names are also set up in the server's Active Directory with the
    same passwords that the users use as their local login passwords.

    Most users "log in" to their local computers, and some might log in to the
    domain. Question: What is the difference, effectively, between logging in
    to the domain, and logging in to the local computer and still using domain
    resources like shared folders?

    We don't have any roaming profiles, there are no printers or other
    "resources" set up in Active Directory (there is only one shared printer,
    company-wide), there are no group policies, and everything is very simple
    here. There is a one-to-one correspondence between computers and users.

    Since the users can all use the shared printer, and the shared folders,
    without re-entering their username and password, is there any real
    difference between logging in locally and logging in to the domain?

    Thanks for any help you can give me in understanding this.

    David Walker
     
    DWalker, Jul 24, 2007
    #1

  2. This defeats one of the primary purposes of using Active
    Directory....centralized account management.
    Right now, you're treating your domain like a workgroup. Your users'
    credentials happen to match the credentials on the server - this lets them
    access whatever the domain accounts are granted permission to access. This
    works, but isn't ideal. Your users can't change their own passwords, even.
    Then why do you have AD?
    Yes there are ...you just aren't customizing any of them.
    Group policies (including folder redirection), login scripts, centralized
    account management (a single user ID and password, which the users
    themselves would be able to change), for starters.
    It would be far better to log into the domain and use that account alone -
    disable / delete the local accounts. You can copy the local accounts to the
    domain accounts once they've logged in to the domain once on their
    workstations; do this by logging in as an administrator & going to control
    panel | system | Settings (profile) | copy to....
     
    Lanwench [MVP - Exchange], Jul 24, 2007
    #2