Does it make sense to work under a local account from a computer entered in AD?

L

LAG_LAGbI42017-09-29 19:26:08

Active Directory

LAG_LAGbI4, 2017-09-29 19:26:08

Is it possible to include a computer in active directory but run as a local user?
Maybe this situation is a little crazy. Users work on laptops, they are used to simple 4-digit passwords as a password. If you tell them to use long passwords, and even change them, then everything will end with pieces of paper on the laptop. Therefore, the idea was born to use the local user as a pin code. And to carry out all further authorizations through AD. How crazy is this idea?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

L

liks, 2017-09-29
@liks

Change password length in AD

K

kolossradosskiy, 2017-09-29
@kolossradosskiy

Has no meaning. Logging in under a local account, the user does not receive any domain authorizations (transparent authentication via SSO is only available in the domain), does not receive domain policies.
That is, by allowing users to log in as local users, you return to the workgroup level.
Deny local logon to the computer through GPO - the first thing to do in the domain.