Local vs. domain login and file sharing security
Posted on 2004-04-04
Old mainframe guy getting up to speed on Win 2K and domains, and a new person to this site.
I have a Win 2000 domain controller with shared resources. User A is setup with password B. A Win XP client has the same user with the same password. Now it would seem that the client computer and user shouldn't have access to the domain resources. I mean, why allow access just because the password is the same (it could be null or something real smart like 'password').
What is the point of having a domain and all those policies if a client computer can breeze right past?
I can't find any MS info on this issue to explain why this is allowed. I know there must be a simple explanation. Is there an equally simple fix to keep non-domain accounts from getting to resources?
Also, the client computer isn't found in Active Driectory Users and Computers>Computers. If you try to logon as a domain user, you're blocked. But, again, local logins breeze right in. Same basic question of How & Why?