General discussion

Locked

W2k machines on an NT network

By Mongooch ·
I am starting to bring in some Windows 2000 machines into my NT domain. I have noticed if I logon to the W2k local machine, I can still access network resources. My limited understanding is that you should not be able to access any network resources by logging on locally. I guess my question would be: could this cause any problems on my network if the user uses the local desktop for normal work, email, and internet? Also, are there some configuration settings I'm missing? Thanks

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

W2k machines on an NT network

by timwalsh In reply to W2k machines on an NT net ...

Couple of explanations here:
First, I'm assuming a couple of things:
1. User accounts exist both on the local machine and the domain controller.
2. The same user ID and password (credentials) are used for both the local computer user account and the domain user account.

NT uses a concept called pass-through authentication. This works as follows: A user provides a set of credentials at the local login. Later the user attempts to access a network resource requiring domain credentials.The PDC will query the local computer for the credentials provided at log-on. If the credentials match a valid domain user accout, the local credentials are accepted as valid and access is granted.

The main effect this will have on your network operations is that since the user is logging on locally, no domain security policies or log-on scripts are passed on and applied at log-on.

To take this a step further:
Even if credential do not match, there is still a method to access network resources (shared drives). When using the Map Network Drive tool to map a shared resource (vs. mapping a shared drive by going through Network Neighborhood), a user is provided the ability to connect using a different set of credentials. The user canthen provide his domain credentials to gain access to shared resources, even though he is only logg-on locally with different credentials.

Hope this clears things up a little.

Collapse -

W2k machines on an NT network

by Mongooch In reply to W2k machines on an NT net ...

Poster rated this answer

Collapse -

W2k machines on an NT network

by Gigelul In reply to W2k machines on an NT net ...

If you don't have a real reason to use local accounts, I recommend you to use domain accounts. Is more easy to manage/restrict/control/implement any policies or rule for all your network.
If you implement a password policies (a number of days before expire) this will not work and you will need to "manualy" change the password on both local and domain accounts.

Collapse -

W2k machines on an NT network

by Mongooch In reply to W2k machines on an NT net ...

Poster rated this answer

Collapse -

W2k machines on an NT network

by nikeow In reply to W2k machines on an NT net ...

There's a Problem though. I have Domain Access in a NT4 domain and I'm bringing a W2K laptop and accessing Locally using the same Credentials as the Domain Credentials. I can Map Drives, I can access Some resources (but not Printers. Why?) The mapped Drives are only Mapped for a short time , ~5min then it goes offline and then I have to manually use -> Net use \\servername\sharename /Delete so that I can re-connect again.

No. I do not have Logon to Domain. Ppl tell me I need to have Trust Relationship with the Domain?

Emails to : Ow.Mun.Heng@wdc.com Please

Collapse -

W2k machines on an NT network

by Mongooch In reply to W2k machines on an NT net ...

Poster rated this answer

Collapse -

W2k machines on an NT network

by Mongooch In reply to W2k machines on an NT net ...

This question was closed by the author

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums