1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Logging on locally?

Discussion in 'Windows Server 2003 / 2008 / 2012 Exams' started by beaumontdvd, Feb 11, 2010.

  1. beaumontdvd

    beaumontdvd Kilobyte Poster

    487
    3
    32
    Hi everyone, sorry if this is a stupid post. But to be honest I'm not that good at servers and I'm trying my best to improve. I always get confused with this. Logging on locally, when someone refers to that does it mean logging onto the local computer? By changing the drop down button on the log on to. To this computer?

    Or can you log on locally to a domain? Like for example entering your credentials for the domain and granted access?

    Hope someone can help,

    Thanks,
    Dave
     
    Certifications: 070-271, 070-272, (MCDST)Level 1,2,3 NVQ
    WIP: 070-270, A+, N+, S+,MCDST 7 Upgrade
  2. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    You're right. Logging in locally means loggin in onto computer's local account (ie not a domain account). But you can still log in remotely using RDP into local account and it's still logging in locally.
     
    WIP: Uhmm... not sure
  3. beaumontdvd

    beaumontdvd Kilobyte Poster

    487
    3
    32
    oh right thought so, so you cannot login to a domain locally? Just the local account to the computer. So I guess any local permissions set on the computer on apply to the local account?

    Thanks,
    Dave
     
    Certifications: 070-271, 070-272, (MCDST)Level 1,2,3 NVQ
    WIP: 070-270, A+, N+, S+,MCDST 7 Upgrade
  4. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    There's is no such thing as domain local login. User accounts are local or domain wide. And yes local permissions apply to local accounts. Also you can add domain accounts to local permissions for example you can make domain user an administrator or power user on local machine while within the domain he would only be a domain user.

    To try this out. Create a basic domain user. Log in onto client machine with administrator rights, go into control panel -> user accounts, click "Add...". Enter domain user name and domain name and click next. Make him an Administrator.
    Now logout and relog as that user. You're administrator on this machine while you're just a normal user across the domain.
     
    Last edited: Feb 11, 2010
    WIP: Uhmm... not sure
  5. beaumontdvd

    beaumontdvd Kilobyte Poster

    487
    3
    32
    Thought there wasn't. I always though local and domain were two differnt things, cheers mate will have a play about with that later :twisted: thanks for clearing this up for me!

    Dave
     
    Certifications: 070-271, 070-272, (MCDST)Level 1,2,3 NVQ
    WIP: 070-270, A+, N+, S+,MCDST 7 Upgrade
  6. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Just to add that sometimes there can be some confusion with the term “log on locally”. Everything has been said so far is correct.

    Just as an example if you tried to log onto a domain controller with a *user* account you would not be able to as you have to grant the permission “log on locally”.

    This doesn’t mean you would select the computer account from the drop down (no such thing on a DC) but you would be able to log onto the DC with domain credentials.

    Link:
    http://www.petri.co.il/logon_locally_user_right.htm
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  7. beaumontdvd

    beaumontdvd Kilobyte Poster

    487
    3
    32
    Thanks Sparky, I think that's whats confusing me. But I swear I read something about not being able to log onto a domain controller with a user account as the local security database isn't held on the domain controller so it can't authenticate login?

    So on a standard domain connected machine. If the log on locally permission isn't granted you cannot log in locally? IE from the log on to dropdown (this computer....)


    Thanks for helping!

    Dave
     
    Certifications: 070-271, 070-272, (MCDST)Level 1,2,3 NVQ
    WIP: 070-270, A+, N+, S+,MCDST 7 Upgrade
  8. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    It is confusing isn’t it!

    Basically the term of “log on locally” in group policy is actually referring to a user logging onto the PC\Server, not logging in with a *local account*.

    You are correct about not being able to log on with a local account onto a DC.


    No, in this case you would not be able to log onto the PC with domain credentials as the group policy would be applied to the users on the domain. However you would be able to use a *local account* as they would not be effected by the domain group policy.

    This should help....

    http://windowsitpro.com/article/art...to-log-on-locally-to-a-domain-controller.html
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  9. beaumontdvd

    beaumontdvd Kilobyte Poster

    487
    3
    32
    Thanks Sparky that helped a lot! So log on locally refers to the Domain account and can restrict/enable domain users from logging into a computer that is joined to the Domain I guess this is good if they want a computer to not connect to the domain. To be honest I'm not really at this stage at the moment but I seem to know the workgroup policies much better than the domainsis what I said above correct. This made it a lot clearer and I shall have a fiddle about tonight :biggrin.

    Thanks again,

    Dave
     
    Certifications: 070-271, 070-272, (MCDST)Level 1,2,3 NVQ
    WIP: 070-270, A+, N+, S+,MCDST 7 Upgrade
  10. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    No probs mate, as you progress through your studies things will start to click when you are working with local policies, domain polices etc etc.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010

Share This Page

Loading...