Logging in local vs Domain

Networking/Security Forums -> Exchange 2000 // 2003 // 2007 & Active Directory

Author: dolphin1 PostPosted: Sun Aug 22, 2010 4:03 pm    Post subject: Logging in local vs Domain
i understand logging into to the domain becuase it authenticates you and you have certain permissions to other things that you would'nt have when you log in locally to the machine. But my Question is when i log in and look at both the system propertis and look at domain at which both are attached to , they are apart of the same domain. IE( mitll.ad.local) So my guess is as what i stated at the beginning of the Question as far local and domain, so even though your logged on locally and do not have the same rigths as you would being logged on to the domain, you are still apart of the domain, Which leads me to another Question, So being logged on locally to the machine, Do certain items get cached from the domain even though your logged on locally? Shocked

Author: CoreDefendLocation: USA PostPosted: Thu Sep 02, 2010 9:34 pm    Post subject:
With Windows 2003 and below, 10 windows logon credentials are cached.

When you login locally, you can still interact with the computer and view domain properties on the local computer. You, cannot, however interact with the domain, i.e access file shares, outlook/email, print shares (unless the local account has the same username/password as a domain account).

Yes, a lot of information from the domain is stored locally. If someone has access to a local account on a computer, it is very easy to escalate their privileges and gain access to the domain.

Author: cantthinkofanickname PostPosted: Mon Oct 04, 2010 1:23 pm    Post subject:
If when I add clients to the domain. I have most machines with an admin and user password configured when they were local.

What is the best practice for changing the users and their passwords that were previously setup on the local machine?

What is the consideration in terms of the type of license the client or users may have?

SBS 2008.

Author: pedro waltonLocation: philippines PostPosted: Wed Nov 17, 2010 9:48 pm    Post subject:
It is always a best practice to keep 1 local account on desktops, which is the administrator account. creating local accounts for users will just pose a lot of security issues so much more if they are techy. Its best to keep local accounts to a minimun-which 1 local admin account. Users should have their accounts controlled by GPO Policy on the domain level.

Peter Walton
Web Design and Development | Research and Administrative Support

Author: cantthinkofanickname PostPosted: Thu Nov 18, 2010 8:13 pm    Post subject:
Thanks, what I've done now is to reduce the number of accounts to 1 and make it an admin account. Then I give it the same username and pwd as the SBS 2008 User. I haven't tried pulling the network cable out yet and trying to log on.

Comment welcome.

Author: CoreDefendLocation: USA PostPosted: Thu Nov 18, 2010 8:16 pm    Post subject:
What rights does the SBS 2008 User have on your domain?

Networking/Security Forums -> Exchange 2000 // 2003 // 2007 & Active Directory

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group