General discussion

Locked

Log into Computer or Domain

By James_Randy ·
Windows 2000 Professional - Upon startup, a user has a choice to either log into the computer or log into a domain.

What's the difference? What are the pros and cons of each? Why select one over the other?

Thanks in advance. - Jimmy

This conversation is currently closed to new comments.

15 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Log into Computer or Domain

by James_Randy In reply to Log into Computer or Doma ...

To be a little more clear, this is a small network with file and print sharing only. No fancy Web page interface or anything like that. Although there might be a need for remote access some time in the future.

If the user logs into the computerand not the domain, he still can gain access to shared files on the file server and shared printers. If access to shared files and printers is really the only function of the network, what are the advantages of loging into the domain?

Thanks -Jimmy

Collapse -

Log into Computer or Domain

by rapidad In reply to Log into Computer or Doma ...

Logging onto the computer as admin allows you to make changes at all levels. the logon administrator (local) is the default for all window machines. the logon administrator (network) is usually reserved for the Syatem Administrator (or his assigned minions). the two logons are in fact different, as you can se by looking at the profiles (NT4.0), or Documents and Settings (W2K pro/server/etc). the usuall path is to logon to the machine local, as administrator and then by going to the groups add from the network a user with whatever priveleges are needed (usually assigned by the admin on the server according to corp/school/orginization policy.
if you are just setting up the machine here are the usual logins
1. administrator (local) full priv
2. nameduser (local) assigned priv
3. networkuser (network) domain assigned priv
4. netadmin (network) so the sys admin can access all boxes he is responsible for

usually the named user is added as a backup logon in case the admin password islost/ and or the priveleges are revoked, policy may not allow you to do this. most networks dont allow you to access internal machines on your domain or the network unless you are logged on as a network logon (which has you priv/permissions/passwords on the server) big security issue.
make sure you know the local policy before you attempt to make changes, dont make the sa mad, he/she can make your life ****. let me know if you need more info............

Collapse -

Log into Computer or Domain

by rapidad In reply to Log into Computer or Doma ...

to add to you second comment, the fact that you are offered the option to log onto a network usually means you have a server running as a PDC or BDC. Do you know if you do???

Collapse -

Log into Computer or Domain

by James_Randy In reply to Log into Computer or Doma ...

I'm not talking about logging into the computer as the administrator. I'm talking about logging into the computer as a user versus logging into the domain as that same user.

Collapse -

Log into Computer or Domain

by James_Randy In reply to Log into Computer or Doma ...

Another clarification. I'm not talking about logging into the computer as the administrator. I'm talking about logging into the computer as a user versus logging into the domain as that same user.

Collapse -

Log into Computer or Domain

by James_Randy In reply to Log into Computer or Doma ...

Yes the server is a primary domain controller.

Collapse -

Log into Computer or Domain

by stevenrshort In reply to Log into Computer or Doma ...

Selecting an option from the drop down determines where you profile will be used.
Selecting Computer uses the users and groups from the local computer
Selecting Domain uses the groups and users from the Domain.
eg. you may be an administrator on your local machine but only a user on the domain, logging on to your computer would give you full priveliges on your computer, but next to none on the domain.
best option would be to create a group with admin rights to your computer in the domain and add yourself to that group, then logon to the domain, you then get your domain rights and admin rights on your workstation.

Collapse -

Log into Computer or Domain

by James_Randy In reply to Log into Computer or Doma ...

Poster rated this answer

Collapse -

Log into Computer or Domain

by maxwell edison In reply to Log into Computer or Doma ...

My guess is that you have no priviliges and/or restrictions defined in your network domain. That's why you don't see any difference whether your user logs into the computer or logs into the domain. Just as you can set those priviliges on the computer, you can also set them for the domain. You set those network priviliges and/or restrictions on the PDC (primary domain controller).

For example, when the user logs into the computer and then attempts to map a network drive to a shared device on the network, there are no "rules" in place to either allow or restrict that particular user from using that shared device. If you take that same example a bit further, you could allow access to a particular shared device (drive, folder, printer, etc.) to only certain users. That would restrict all other users from access to that device - the users who do not have that permission as defined on the PDC.

Domain defined:

Windows NT (and 2000) uses the idea of a domain to manage access to a setof network resources (applications, printers, and so forth) for a group of users. The user need only to log into the domain to gain access to the resources, which may be located on a number of different servers in the network. One server, known as the primary domain controller, manages the master user database for the domain. One or more other servers are designated as backup domain controllers. The primary domain controller periodically sends copies of the database to the backup domain controllers. A backup domain controller can step in as primary domain controller if the PDC server fails and can also help balance the workload if the network is busy enough.

(continued...)

Collapse -

Log into Computer or Domain

by maxwell edison In reply to Log into Computer or Doma ...

In Windows NT (and 2000), a domain combines some of the advantages of a workgroup (a group of users who exchange access to each others' resources on different computers) and a directory (a group of users who are managed centrally by an administrator). The domain concept not only allows a user to have access to resources that may be on different servers, but it also allows one domain to be given access to another domain in a trust relationship. In this arrangement, the user need only log in tothe first domain to also have access to the second domain's resources as well.

In a Windows NT network, not all servers need to be a PDC or BDC. A server can be designated as a member server whose resources become part of a domain without havinga role in the logon process.

Setting up and maintaining PDCs and BDCs and domain information is a major activity for the administrator of a Windows NT network. In Windows 2000, the domain controller concept is retained but the PDC and BDC serverroles are generally replaced by the Active Directory.

See the following articles for a lot of useful information:

“Understanding User Accounts, Groups, Domains, and Trust Relationships” – a Microsoft article.

http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/winntas/maintain/featusability/acctgrps.asp

Windows2000 magazine article, “Understanding PDCs and BDCs: Domain controllers made easy”


http://www.winntmag.com/Articles/Index.cfm?ArticleID=7738

Windows2000.com – a large index of articles.

http://searchwin2000.techtarget.com/

REMOVE SPACES from the pasted URL.

Good luck,

Maxwell

Back to Windows Forum
15 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums