Wednesday, March 31, 2010

An Introduction to Microsoft Active Directory

Let us first consider workgroup networks, and then move on to domains and Active Directory.
Workgroups are networks in which each computer can act as both server and client. That is, each computer can share resources and also use resources shared by other computers. This kind of network is suitable when we need a small-scale network and security is not important. Here, users can easily use network resources and change their own settings, such as usernames and passwords. This is because each system has a database called the Local Security Database (LSD), which stores the local computer's security information. Every time a user wants to log on, the information provided by that user is compared with the information in the LSD. If they match, a token is issued to that user and he/she is allowed to enter the system. (I will explain the authentication and authorization process in a separate post.)
This kind of network has many shortcomings, of which the following are the most important:
  1. Workgroups increase the administrator's workload, because the admin has to set properties on the computers one by one. Each user account has to be created on every system that the user needs to log on to, and so on.
  2. Security is at its lowest level. Users can adjust their systems' properties as they wish. Imagine a novice logging on to your workgroup, or a user with malicious intentions. All that remains for you is the trouble these two cause.

These issues led to another kind of network, called the domain network. With domains you can easily manage thousands upon thousands of objects in your network, including user accounts, group accounts, computer accounts, printers, and so on. How? I will tell you.

When you decide to implement a domain, the only things you need are a Windows Server CD and a computer to install Active Directory on (from then on, that computer is called a domain controller, or DC). Easy, isn't it?

Now, let us see how it works.

Unlike workgroups, we don't have LSDs in domain networks. Instead we have something called the Domain Security Database (DSD), which stores information about all of the objects on our network, including user accounts, group accounts, printers, and so on. In order to log on to the network, users must first join the domain. From then on, when a user wants to log on, the information provided by that user is compared with the information stored in the DSD. If they match, the token is issued and the user can log on.
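
To see which of the two models a given Windows computer is using, and which accounts are held in that computer's own local database, you can run the following PowerShell on it. This is an added example, not part of the original post; it assumes Windows PowerShell 5.1 or later, where the Get-LocalUser cmdlet is available.

```powershell
# Added example: report whether this computer is in a workgroup or a domain,
# then list the accounts stored in its own local account database.

$cs = Get-CimInstance -ClassName Win32_ComputerSystem

# Win32_ComputerSystem.DomainRole values as documented for the WMI class.
$roles = @{
    0 = 'Standalone workstation'
    1 = 'Member workstation'
    2 = 'Standalone server'
    3 = 'Member server'
    4 = 'Backup domain controller'
    5 = 'Primary domain controller'
}
$role = [int]$cs.DomainRole

if ($cs.PartOfDomain) {
    # On a domain member, the Domain property holds the domain name.
    Write-Output ("{0} is joined to domain '{1}'" -f $cs.Name, $cs.Domain)
} else {
    # On a workgroup computer, the Workgroup property holds the workgroup name.
    Write-Output ("{0} is in workgroup '{1}'" -f $cs.Name, $cs.Workgroup)
}
Write-Output ("Role: {0}" -f $roles[$role])

if ($role -ge 4) {
    # A domain controller's accounts live in the directory itself,
    # so the local account listing is skipped there.
    Write-Output 'Domain controller: accounts are managed in the directory.'
} else {
    # In a workgroup, every account a user needs must exist in this list
    # on every computer that user logs on to.
    Get-LocalUser |
        Sort-Object -Property Enabled -Descending |
        Select-Object Name, Enabled, PasswordRequired, PasswordLastSet, LastLogon |
        Format-Table -AutoSize
}
```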

We can increase security by defining policies on the whole domain, so we don't have security issues in the future. Easy life, isn't it?

And as far as domains are concerned, the administrator's workload is greatly reduced, because you set everything on one system, just once.

Be content.
