User Accounts and Domains

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am a trying to figure out which is the best approach. When I setup a new computer (XP Pro) should I add a User that has Administrator priviledges and the User (the person that will use the computer) or do I add the User as an Administrator of the Domain?

Another Question.
Generally when a user logs on in the morning, should they be logging on to the Computer (as the Domain) or the Server Network (as the Domain).

I have been setting up computers with Users that part of the Server Network, not part of the Computer (the one that is being setup). I have been setting these users up as Administrators (in the User Configuration window on the Computer that is being setup).

This is all a little confusing. What is the best approach to setting up a Windows XP Pro computer that will be part of a Network Domain??

Thanks for any and all help!
Bill
 
Bill Hazelwood said:
I am a trying to figure out which is the best approach. When I setup a new
Click to expand...
computer (XP Pro) should I add a User that has Administrator priviledges and
the User (the person that will use the computer) or do I add the User as an
Administrator of the Domain?

First, do you even have a Domain? If you do, then the computer itself needs
to be added to the Domain and user accounts are not made on that computer,
they are created on the Domain Controller.

If not, then you should just make a "user" account on the actual pc that the
user will use. Windows will automatically create an account called
"Administrator" for you and ask you what password you want for that account
during setup. Administers have total control over the machine and can see
everyones stuff. Regular "user" accounts have more limited access to what
can be done to the computer and can only "see" their own stuff.
Another Question.
Generally when a user logs on in the morning, should they be logging on to
Click to expand...
the Computer (as the Domain) or the Server Network (as the Domain).

Logging on the the "computer" only is NOT logging on to the domain. If you
have a Domain, then the user would log on to the remote computer but with
their Domain user name and password and specifying the domain they wish to
log onto as well. When they do this, the remote computer (client) contacts
the Domain Controller and passes the user's credentials to that machine.
The Domain Controller looks in the list of users to see if there is one that
matches who is trying to log on and if so, checks the password to see if it
is correct. If so, the user is granted permission to the Domain and not
only will they be able to gain their specific level of access to the client
computer, but to any domain resources (file shares, printers, etc.) that
thier access level permits.
I have been setting up computers with Users that part of the Server
Click to expand...
Network, not part of the Computer (the one that is being setup). I have been
setting these users up as Administrators (in the User Configuration window
on the Computer that is being setup).

If you do have a Domain, then this is not correct.
This is all a little confusing. What is the best approach to setting up a
Click to expand...
Windows XP Pro computer that will be part of a Network Domain??

If you do have a Domain (and therefore a Domain Controller [a.k.a. Server]),
then don't make any accounts on the client pc's (other than the one
"Administrator" account that each machine must have during setup). Instead
all user accounts should be create using the "Active Directory Users &
Computers" console program on the SERVER pc. Accounts made on a specific
client will only be good for that one client computer, accounts made on the
server will be good no matter what computer the user tries to log into (as
long as that computer belongs to the Domain).
 
Thanks for the info.

Yes I do have a Domain Controller (SBS2k3).

I don't even need to create an account that points to the domain controller (i.e. Domain\User --> Gold\BHazelwood ).

I ended up doing this because everytime that I installed software on the computer I would get an error that I didn't have Admin privledges. I then created a PC User that was the same as the Server User account. On the PC, I gave that user Admin privledges. This allowed the user to install software. How else do I get around this if there is only the Admin User on the PC and the Server User account does not have a special privledges?

Thanks again
Bill
 
During the process of installing Windows, you are asked to provide a
password for the default Administrator account of that particular machine
(called "Administrator"). This is the account that you should log in as
whenever you need to do Administrative things to that machine and it is the
ONLY account that should be made at that machine. All other accounts should
be created at the Domain Controller (DC).

You don't need an account that "points" to the DC, because after Windows is
installed, you make the computer you just installed Windows on a "member" of
the domain (not a user becomming a member here, the computer itself). You
do this by right clicking "My Computer" and choosing "Properties". Next
choose the "Computer Name" tab and then click the "Network ID" button to
have the computer join the Domain.

From this point forward, when anyone attempts to log on to this pc, they
will have to type thier user name, password AND choose the domain that they
are logging into (this is the pointer you wanted). The user name and
password are created and stored on the DC, so by indicating here what domain
they are logging into, the DC can be found on the network and the user can
be authenticated.


Bill Hazelwood said:
Thanks for the info.

Yes I do have a Domain Controller (SBS2k3).

I don't even need to create an account that points to the domain
Click to expand...
controller (i.e. Domain\User --> Gold\BHazelwood ).
I ended up doing this because everytime that I installed software on the
Click to expand...
computer I would get an error that I didn't have Admin privledges. I then
created a PC User that was the same as the Server User account. On the PC, I
gave that user Admin privledges. This allowed the user to install software.
How else do I get around this if there is only the Admin User on the PC and
the Server User account does not have a special privledges?
 
Back
Top