What would be an advantage of a domain account vs a local account

[G+_Michael Whalen Jr]

What would be an advantage of a domain account vs a local account

[G+_Black Merc]

To my understanding... A local acc. is only on that machine.

A domain acc. allows for redundancy and mobility inside that domain.

For instance...

If your machine just drops dead?

Local acc. is only on that machine with your files.

Domain acc. is on the server as well as many(if not all) files in that acc..

Now, if your in a domain you can goto a working machine, login, call tech_suport(for the dead machine) and keep working.

Local, you call tech_suport and wait for them to fix your machine.

 

I simplified a lot of things here, but from a user perspective, that's it.

[G+_Fr. Robert Ballecer, SJ]

From the perspective of an IT admin, a domain account gives them far more power to control security and usage policy while also giving them a profile that is infinitely more manageable than a local account.

 

From the user's perspective, a domain account allows you to have all your files and preferences implemented automatically on any machine properly authenticated on the domain. HOWEVER, it will cause headaches if you frequently use your computer offline or away from the network.

 

SUPER broad-strokes description. Obviously there is a lot more to domain administration than this. :)

[G+_William L. DeRieux IV]

Black Merc Michael Whalen Jr

 

Also:

Local accounts are 1 to many (1 administrator must manage many systems individually)

 

Domain accounts are many to 1 (1 administrator is able to manage multiple systems at once, in one place)

 

So, why are domain accounts better than local accounts ?

 

Domain accounts allow the centralized management of the network and systems without having to touch each, and every, machine. (which saves the company both time and money).

 

Oh and if a users lock themselves out of a machine, a tech with admin privileges could unlock it and -- if need be -- the password can be reset at the DC (domain controller) or other privileged member server.

[G+_William L. DeRieux IV]

Fr. Robert Ballecer, SJ Also, I would say that it makes it easier for reporting, accounting, and asset management.

 

Accessing the information stored in the AD about users and networking assets could be used to, more easily, generate technical reports on when those assets need to be upgraded or decommissioned.

 

For instance an IT administrator wanting to know how many server 2003 systems are still in active use -- possibly to determine licensing needs if they need to be renewed, etc.

[G+_Juscelino Acevedo]

Michael Whalen Jr to be honest, that is an extremely vague question. I would be able to provide an answer if you provide some context. Why are you asking? Would it be for home (test network) or for work? Is it a general question because you are studying for a test? Is your work computer on the domain, but you are wondering how it would work if it was not on the domain? Just some sample questions.

[G+_Michael Whalen Jr]

First off thanks everyone. This really is a general question. The dealership where I work is on a domain and with few shop computers off if it. It was more out of curiosity question then anything. Was just wondering what the benefits are. Appreciate the help.

[G+_Juscelino Acevedo]

Michael Whalen Jr, basically the point off having those computers on the domain is for easier access to shared resources. A few examples include, access to a shared folder on the server where everyone can make changes to shared files. Access to managed, shared printers and/or scanners. Access to software that cost less with a network license model. Ability to easily backup critical data without the worries of losing data on a specific user's computer. Ability to share one or more computers among multiple employees and have shared or personal files follow that employee.

 

Those are just a few basic examples that I could think of. Feel free to follow-up with any questions. Hope it helped.

[G+_Jason Brown]

A domain is great for centralized management. But I would advise against setting it up unless you have a properly trained technician, with the right certs set it up for you. A lot of work is done in GPOs, and unless you know what you're doing you can make things worse before they get better.

 

One other downside to a domain setup; if you break something on the server, it affects everyone on the domain. If you stick with individual local accounts, the potential for catastrophe is much smaller.

 

I've tried to crowbar in a domain setup where one didn't belong, and ended up wasting a lot of time because I just didn't have it in me to learn the proper way to configure a domain.

 

If you have fewer than 10 people on staff, I'd recommend keeping local accounts. You can do a lot with mapped drives and batch files, to mimic the type of deployed integration you get from a domain controller.

 

As some people have mentioned, it's really helpful in case users get locked out of their accounts. But that can be dealt with by keeping a locked down local admin account.

 

...aaaand that moment when you write a long diatribe about the pros and cons of something, only to find out the OP just had a general curiosity about it. sigh My teachers always said I had trouble reading the directions until the end.