• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Logging in local vs Domain

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exchange 2000 // 2003 // 2007 & Active Directory

View previous topic :: View next topic  
Author Message
dolphin1
Just Arrived
Just Arrived


Joined: 22 Aug 2010
Posts: 0


Offline

PostPosted: Sun Aug 22, 2010 4:03 pm    Post subject: Logging in local vs Domain Reply with quote

i understand logging into to the domain becuase it authenticates you and you have certain permissions to other things that you would'nt have when you log in locally to the machine. But my Question is when i log in and look at both the system propertis and look at domain at which both are attached to , they are apart of the same domain. IE( mitll.ad.local) So my guess is as what i stated at the beginning of the Question as far local and domain, so even though your logged on locally and do not have the same rigths as you would being logged on to the domain, you are still apart of the domain, Which leads me to another Question, So being logged on locally to the machine, Do certain items get cached from the domain even though your logged on locally? Shocked
Back to top
View user's profile Send private message
CoreDefend
Forum Fanatic
Forum Fanatic


Joined: 25 May 2010
Posts: 16777215
Location: USA

Offline

PostPosted: Thu Sep 02, 2010 9:34 pm    Post subject: Reply with quote

With Windows 2003 and below, 10 windows logon credentials are cached.

When you login locally, you can still interact with the computer and view domain properties on the local computer. You, cannot, however interact with the domain, i.e access file shares, outlook/email, print shares (unless the local account has the same username/password as a domain account).

Yes, a lot of information from the domain is stored locally. If someone has access to a local account on a computer, it is very easy to escalate their privileges and gain access to the domain.
Back to top
View user's profile Send private message Visit poster's website
cantthinkofanickname
Just Arrived
Just Arrived


Joined: 04 Nov 2006
Posts: 1


Offline

PostPosted: Mon Oct 04, 2010 1:23 pm    Post subject: Reply with quote

If when I add clients to the domain. I have most machines with an admin and user password configured when they were local.

What is the best practice for changing the users and their passwords that were previously setup on the local machine?

What is the consideration in terms of the type of license the client or users may have?

SBS 2008.
Back to top
View user's profile Send private message
pedro walton
Just Arrived
Just Arrived


Joined: 17 Nov 2010
Posts: 0
Location: philippines

Offline

PostPosted: Wed Nov 17, 2010 9:48 pm    Post subject: Reply with quote

It is always a best practice to keep 1 local account on desktops, which is the administrator account. creating local accounts for users will just pose a lot of security issues so much more if they are techy. Its best to keep local accounts to a minimun-which 1 local admin account. Users should have their accounts controlled by GPO Policy on the domain level.

Peter Walton
Web Design and Development | Research and Administrative Support
Back to top
View user's profile Send private message Visit poster's website
cantthinkofanickname
Just Arrived
Just Arrived


Joined: 04 Nov 2006
Posts: 1


Offline

PostPosted: Thu Nov 18, 2010 8:13 pm    Post subject: Reply with quote

Thanks, what I've done now is to reduce the number of accounts to 1 and make it an admin account. Then I give it the same username and pwd as the SBS 2008 User. I haven't tried pulling the network cable out yet and trying to log on.

Comment welcome.
Back to top
View user's profile Send private message
CoreDefend
Forum Fanatic
Forum Fanatic


Joined: 25 May 2010
Posts: 16777215
Location: USA

Offline

PostPosted: Thu Nov 18, 2010 8:16 pm    Post subject: Reply with quote

What rights does the SBS 2008 User have on your domain?
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exchange 2000 // 2003 // 2007 & Active Directory All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Looking for more Windows Networking info?

Sign up to the WindowsNetworking.com Monthly Newsletter, written by Enterprise Security MVP Deb Shinder, containing news, the hottest tips, Networking links of the month and much more. Subscribe today and don't miss a thing!
View a sample newsletter.

Become a WindowsNetworking.com member!

Discuss your Windows Networking issues with thousands of other Windows Newtorking experts. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred data recovery solution?

Follow TechGenix on Twitter