70-270 Question on Domain Controllers - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 10-07-2006, 03:03 AM   #1 (permalink)
Newb Techie
 
Join Date: Oct 2006
Posts: 1
Default 70-270 Question on Domain Controllers

First time poster...

The MS Press book states:

"NOTE: Because domain controllers do not maintain a local security database, local user accounts are not available on domain controllers. Therefore, a user cannot log in locally to a domain controller."

I was assuming at first glance that NO ONE can log on to the local machine (sitting down in front of it) acting as a DC. Anyone wanting to log on to the DC would have to do it from a separate terminal.

Correct me if I'm wrong but this is simply to restrict "users" aka non-admins the ability to log on to the DC and mess things up?

So bottom line, i am guessing... you can still log on locally to the DC, you just have to be in the admin group or other permitted group allowed by the group policy.

Now can an admin log on to the DC from a remote workstation with the proper credentials?
Thank for any input!
-Mike
__________________

thewun1 is offline  
Old 10-07-2006, 05:37 AM   #2 (permalink)
Monster Techie
 
MrCoffee's Avatar
 
Join Date: Feb 2006
Location: UK
Posts: 1,858
Default

"
So bottom line, i am guessing... you can still log on locally to the DC, you just have to be in the admin group or other permitted group allowed by the group policy."

i'm not sure what the answer is here but I think it simply means you must have a Domain account to logon to the DC as there is no local security database. I.e. you can sit down infront of it and log in but only with a domain account. With a workstation you could log in as a local account (all though you would have no access to the network)
__________________

__________________
Intel core I7 920
GA-EX58-UD3R
6GB OCZ platinum 1600
XFX HD4890
Noctua nh-u12p
Corsair HX520
Antec 300
Samsung 1TB F1 Spinpoint
Samsung SM2443BW 24"
MrCoffee is offline  
Old 10-07-2006, 10:32 AM   #3 (permalink)
Junior Techie
 
Join Date: Aug 2006
Posts: 73
Default

non domain admins can not login to DCs by default, you can change that in local policy.

a admin can login to the remote DC with his active directoy account.

They are just trying to say that member servers have AD logins and local logins (domainname\username and computername\username) while DCs only have (domainname\username)
bilbus is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 09:35 PM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.