A User logs on to a computer or a network by supplying a user name and password that identify that user’s user account. There are two types of user accounts.
A local user account allows you to log on to a specific computer to 21cm)% resources on that computer.
A domain user account allows you to log on to a domain to access netwom resources.
Local User Accounts in Windows
Local user accounts allow users to log on only to the computer on which the local user account has been created and to access resources only on that computer. When you create a local user account, Windows 10 creates the account only in that computer’s security database, called the local security database,Windows 10 uses the local security database to authenticate the local user account, Which allows the user to log on to that computer. Windows 10 does not replicate local user account information on any other computer.
Microsoft recommends that you use local user accounts only on computers in work groups. If you create a local user account in a workgroup of five computers running Windows -for example, Userl on Computerl-you can only log on to Computerl with the Userl account. If you need to be able to log on as Usetl to all five computers in the workgroup, you must create a local user account, Userl, on each of the live computers. Furthermore, if you decide to change the password for Userl, you must change the password for Userl on each of the five computers because each computer maintains its own local security database.
A domain does not recognize local user accounts, so do not create local user accounts on computers running Windows 10 that are part of a domain. Doing so restricts users from accessing resources on the domain and prevents the domain administrator from administering the local user account properties or assigning access permissions for domain resources.
Domain User Accounts in Windows
Domain user accounts allow you to log on to the domain and access resources anywhere on the network. When you log on, you provide your logon information, which is your user name and password. A domain controller running Windows Server 2016 uses this logon information to authenticate your identity and build an access token that contains your user information and security settings. The access token identifies you to the computers in the domain on which you try to access resources. The access token is valid throughout the logon session.
You can have domain user accounts only if you have a domain. You can have a domain only if you have at least one computer running Windows Server or later that is configured as a domain controller (which means that the server has the Active Directory directory service installed).
You create a domain user account in the Active Directory database (the directory) on a domain controller. The domain controller replicates the new user account information to all domain controllers in the domain. After the domain controller replicates the new user account information to other domain controllers, all the domain controllers in the domain tree and other computers that are members of the domain can authenticate the user during the logon process.
BuiIt-ln User Accounts in Windows 10
Windows 10 automatically creates a number of built-in local User accounts.
Administrator Use the built-in Administrator account to manage the overall computer‘ You can perform tasks to create and modify user accounts and groups, manage security policies, create printer resources, and assign the permissions and rights that allow user accounts to access resources.
Guest Use the built-in Guest account to allow occasional users to log on and access resources. For example, an employee who needs access to resources for a short time can use the Guest account. This account is disabled by default to protect your computer from unauthorized use.
DefaultAccount. This account is named based on the registered user and is created during Windows Activation (directly following installation) only if the computer is a member of a workgroup. For example, if a user named Sandra installed and activated Windows 10 as a member of a workgroup, an account named Sandra is created following installation. This account is made a member of the Administrators local group.
HelpAssistant The HelpAssistant account is not available for standard logon. Instead this account is used to authenticate users who connect by using Remote Assistance. Windows enables this account automatically when a user creates a Remote Assistance invitation and disables the accounl automatically when all invitations have expired.
SUPPORT_xxxxxxx The SUIPPORT_xxxxxx account (where xxxxxxx is a random number generated during Windows setup) is used by Microsoft when proiding remote support through the Help And Support Service account. It is not available for logon or general use
Although you cannot delete any of the built-in user accounts, you can rename or disable them.
As you might expect, administrators require more permissions and user rights to perform their duties than other users. However, logging on using an administrator account as a regular practice is not a good idea because it makes the computer (and the network) more vulnerable to security risks such as viruses, Trojan horses, spyware, and other malicious programs. A much safer practice is to log on routinely using a normal account that is a member of the Users or Power Users group and to use the RunAs command to perform tasks that require administrative rights or permissions. For example, you could log on using your normal user account and then launch the Computer Management tool using administrative credentials.
Windows 10 provides this functionality using the Secondary Logon service, which must be enabled for the RunAs command to work.
After the Secondary Logon service is enabled, you can use the RunAs command in one of two ways. In Windows Explorer (or on the Start menu), hold down the SHIFT key, rightclick the program (or shortcut) you want to run, and click Run As. In the Run As dialog box, provide your administrative credentials. I At the command prompt, type runas /user: domain_name\udministrator_accountprogram name. For example, you might type runas /user: contosoadministratocompmgmt.msc to start the Computer Management tool using an account named Administrator in a domain named Contoso.
No comments:
Post a Comment