Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
C
C
Capitollium2021-04-20 13:28:26
Active Directory
Capitollium, 2021-04-20 13:28:26

What to do with a local user account when typing into a domain?

Began to study Active Directory.
And I don’t understand something)
1) When you enter a computer into a domain, it will have two accounts, local and domain.
So what's the use of domain account group policies if a user can easily log into a local account with administrator rights and do whatever he wants?! What to do with the built-in account then? Set a password?
2) If the user worked in a local account, had his own location of shortcuts, settings, wallpapers, etc., then when he enters the computer into the domain, he will have a clean desktop. How to transfer all user data and settings to a domain?

UPD:
Advise good books and courses on AD. What I don’t watch, everything is just about how to install ad, create a forest,
add the computer to the domain. And that's all. And then what?
Thank you)

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
M
Maxim Grishin, 2021-04-20
@Capitollium

1) Domain policies (computer policy) override the settings made by the local admin. If the computer sniffed at the DC at boot, it pulls policies from it and applies them, after which some of the policies and settings become inaccessible to the local admin (which ones you configure in the domain will be blocked).
2) Copy the local user profile directory to the directory created when the domain user logged in, remembering to set permissions and ownership.
UPD: And then life, which is so different for each domain, that you can’t push it into a book. DCs act as a credential storage center and a single point of trust for the entire domain, and why you need a domain varies from "test" to "deploy an authentication system for the whole world" aka Azure.

Report
A
Alexey Dmitriev, 2021-04-20
@SignFinder

Local entries must be deleted when entering the domain.
For built-in local Administrator there is LAPS
https://www.microsoft.com/en-us/download/details.a...

Similar questions
S
SwoDs2016-09-26 14:57:18
How to deal with the limit of 1000 LDAP entries? 2Reply
N
Nubik20162016-10-02 14:35:13
What ip is needed for domain service? 2Reply
C
chief2019-03-06 16:01:58
What is the best way to make network folders for AD users? 2Reply
C
chief2019-03-15 15:06:03
How to map a network drive with full username through AD Group Policies? 2Reply
D
Dmitry2016-10-18 09:13:14
Why is the GPO policy not applied? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question