mercredi 30 janvier 2008
Workgroups vs. Domains
Computers on a Windows network can be joined together in a workgroup or a domain.
In a workgroup, the security database (including, most significantly, the list of user accounts and the privileges granted to each one) for each computer resides on that computer. When you log on to a computer in a workgroup, Windows checks its local security database to see whether you've provided a user name and password that matches one in the database. Similarly, when network users attempt to connect to your computer, Windows again consults the local security database. A workgroup is sometimes called a peer-to-peer network.
By contrast, a domain consists of computers that share a security database stored on one or more domain controllers running a member of the Windows .NET Server, Windows 2000 Server, or Windows NT Server families. When you log on using a domain account, Windows authenticates your credentials against the security database on a domain controller.
Throughout this book, we assume that your network does not include a domain controller. In a domain environment, security is managed at the server, and the task is significantly more complex than we can cover in this book.
Nonetheless, we can point out the security-related differences you're likely to encounter if you connect your computer to a domain-based network. (For a complete discussion of how to make Windows XP coexist with a domain, see Chapter 33, "Working with Windows Domains," in our book Microsoft Windows XP Inside Out.)
Logon and Logoff. The Windows XP Welcome screen is unavailable in a domain environment. Instead, you use the "classic" logon, which prompts you to press Ctrl+Alt+Delete and then enter your user name (if it isn't already entered from your last session) and password. If you use Windows 2000, the logon procedures are identical except for the addition of a Domain box at the bottom of the Logon dialog box.
Passwords. A domain administrator can change the password for your domain account. Any user who is a member of the local Administrators group can change the password for any local account. In Windows XP, the option to create or use a Password Reset Disk is not available.
File Sharing and Security. Although the Simple File Sharing option is available in the Folder Options dialog box on a computer running Windows XP Professional in a domain, it has no effect. A computer joined to a domain uses classic sharing, just as in Windows 2000. (If you use Windows XP Home Edition, you're stuck with Simple File Sharing and are unable to join a domain, although you can access a domain's resources with the proper user name and password.)
Logon Scripts and Group Policy. In a domain environment, a domain administrator can set up scripts that run automatically each time you log on to your computer. These scripts, which are usually stored and administered on the domain controller, can be used to provide software updates, new virus definitions, and other information to your computer; set up network connections; start programs; and perform other tasks. Group Policy settings are centrally managed and can be selectively applied to computers, users, groups, domains, and other divisions. On a managed network, the combined effect of these features can severely limit your ability to control your own system's configuration.
Computers on a Windows network can be joined together in a workgroup or a domain.
In a workgroup, the security database (including, most significantly, the list of user accounts and the privileges granted to each one) for each computer resides on that computer. When you log on to a computer in a workgroup, Windows checks its local security database to see whether you've provided a user name and password that matches one in the database. Similarly, when network users attempt to connect to your computer, Windows again consults the local security database. A workgroup is sometimes called a peer-to-peer network.
By contrast, a domain consists of computers that share a security database stored on one or more domain controllers running a member of the Windows .NET Server, Windows 2000 Server, or Windows NT Server families. When you log on using a domain account, Windows authenticates your credentials against the security database on a domain controller.
Throughout this book, we assume that your network does not include a domain controller. In a domain environment, security is managed at the server, and the task is significantly more complex than we can cover in this book.
Nonetheless, we can point out the security-related differences you're likely to encounter if you connect your computer to a domain-based network. (For a complete discussion of how to make Windows XP coexist with a domain, see Chapter 33, "Working with Windows Domains," in our book Microsoft Windows XP Inside Out.)
Logon and Logoff. The Windows XP Welcome screen is unavailable in a domain environment. Instead, you use the "classic" logon, which prompts you to press Ctrl+Alt+Delete and then enter your user name (if it isn't already entered from your last session) and password. If you use Windows 2000, the logon procedures are identical except for the addition of a Domain box at the bottom of the Logon dialog box.
Passwords. A domain administrator can change the password for your domain account. Any user who is a member of the local Administrators group can change the password for any local account. In Windows XP, the option to create or use a Password Reset Disk is not available.
File Sharing and Security. Although the Simple File Sharing option is available in the Folder Options dialog box on a computer running Windows XP Professional in a domain, it has no effect. A computer joined to a domain uses classic sharing, just as in Windows 2000. (If you use Windows XP Home Edition, you're stuck with Simple File Sharing and are unable to join a domain, although you can access a domain's resources with the proper user name and password.)
Logon Scripts and Group Policy. In a domain environment, a domain administrator can set up scripts that run automatically each time you log on to your computer. These scripts, which are usually stored and administered on the domain controller, can be used to provide software updates, new virus definitions, and other information to your computer; set up network connections; start programs; and perform other tasks. Group Policy settings are centrally managed and can be selectively applied to computers, users, groups, domains, and other divisions. On a managed network, the combined effect of these features can severely limit your ability to control your own system's configuration.
Libellés : Domains, Workgroups
0 Comments:
Funny Blogs
Blogger Roll
Free Software
