| View previous topic :: View next topic |
| Author |
Message |
dolphin1
Just Arrived
Joined: 22 Aug 2010
Posts: 0
|
 Posted: Sun Aug 22, 2010 4:03 pm Post subject: Logging in local vs Domain |
 |
|
i understand logging into to the domain becuase it authenticates you and you have certain permissions to other things that you would'nt have when you log in locally to the machine. But my Question is when i log in and look at both the system propertis and look at domain at which both are attached to , they are apart of the same domain. IE( mitll.ad.local) So my guess is as what i stated at the beginning of the Question as far local and domain, so even though your logged on locally and do not have the same rigths as you would being logged on to the domain, you are still apart of the domain, Which leads me to another Question, So being logged on locally to the machine, Do certain items get cached from the domain even though your logged on locally? 
|
|
| Back to top |
|
 |
CoreDefend
Forum Fanatic
Joined: 25 May 2010
Posts: 16777215
Location: USA
|
| Posted: Thu Sep 02, 2010 9:34 pm Post subject: |
|
|
With Windows 2003 and below, 10 windows logon credentials are cached.
When you login locally, you can still interact with the computer and view domain properties on the local computer. You, cannot, however interact with the domain, i.e access file shares, outlook/email, print shares (unless the local account has the same username/password as a domain account).
Yes, a lot of information from the domain is stored locally. If someone has access to a local account on a computer, it is very easy to escalate their privileges and gain access to the domain.
|
|
| Back to top |
|
|
cantthinkofanickname
Just Arrived
Joined: 04 Nov 2006
Posts: 1
|
| Posted: Mon Oct 04, 2010 1:23 pm Post subject: |
|
|
If when I add clients to the domain. I have most machines with an admin and user password configured when they were local.
What is the best practice for changing the users and their passwords that were previously setup on the local machine?
What is the consideration in terms of the type of license the client or users may have?
SBS 2008.
|
|
| Back to top |
|
|
pedro walton
Just Arrived
Joined: 17 Nov 2010
Posts: 0
Location: philippines
|
| Posted: Wed Nov 17, 2010 9:48 pm Post subject: |
|
|
It is always a best practice to keep 1 local account on desktops, which is the administrator account. creating local accounts for users will just pose a lot of security issues so much more if they are techy. Its best to keep local accounts to a minimun-which 1 local admin account. Users should have their accounts controlled by GPO Policy on the domain level.
Peter Walton
Web Design and Development | Research and Administrative Support
|
|
| Back to top |
|
|
cantthinkofanickname
Just Arrived
Joined: 04 Nov 2006
Posts: 1
|
| Posted: Thu Nov 18, 2010 8:13 pm Post subject: |
|
|
Thanks, what I've done now is to reduce the number of accounts to 1 and make it an admin account. Then I give it the same username and pwd as the SBS 2008 User. I haven't tried pulling the network cable out yet and trying to log on.
Comment welcome.
|
|
| Back to top |
|
|
CoreDefend
Forum Fanatic
Joined: 25 May 2010
Posts: 16777215
Location: USA
|
| Posted: Thu Nov 18, 2010 8:16 pm Post subject: |
|
|
|
What rights does the SBS 2008 User have on your domain?
|
|
| Back to top |
|
|
|
