First time poster...
The MS Press book states:
"NOTE: Because domain controllers do not maintain a local security database, local user accounts are not available on domain controllers. Therefore, a user cannot log in locally to a domain controller."
I was assuming at first glance that NO ONE can log on to the local machine (sitting down in front of it) acting as a DC. Anyone wanting to log on to the DC would have to do it from a separate terminal.
Correct me if I'm wrong but this is simply to restrict "users" aka non-admins the ability to log on to the DC and mess things up?
So bottom line, i am guessing... you can still log on locally to the DC, you just have to be in the admin group or other permitted group allowed by the group policy.
Now can an admin log on to the DC from a remote workstation with the proper credentials?
Thank for any input!
-Mike
The MS Press book states:
"NOTE: Because domain controllers do not maintain a local security database, local user accounts are not available on domain controllers. Therefore, a user cannot log in locally to a domain controller."
I was assuming at first glance that NO ONE can log on to the local machine (sitting down in front of it) acting as a DC. Anyone wanting to log on to the DC would have to do it from a separate terminal.
Correct me if I'm wrong but this is simply to restrict "users" aka non-admins the ability to log on to the DC and mess things up?
So bottom line, i am guessing... you can still log on locally to the DC, you just have to be in the admin group or other permitted group allowed by the group policy.
Now can an admin log on to the DC from a remote workstation with the proper credentials?
Thank for any input!
-Mike