• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 805
  • Last Modified:

difference between Windows account and Active Directory


what is the difference between Windows account and Active Directory
1 Solution
That is an odd question.

Active Directory is a centralised platform/directory for managing permissions on user and computer accoutns and for applying group policy for a Windows Domain. It also provides a Domain authenitcaiton which is more secure than local authentication
Windows account is... well im not sure what you are talking about here. Are you talking about local machine accounts?
In a Windows environment, a user bootstraps the authentication process by pressing CTRL+ALT+DEL [this is known as the Secure Attention Sequence (SAS)] to log on to a machine or a domain. Microsoft calls this method of authenticating a user to the Windows system an interactive logon feature or local logon feature. A valid interactive logon feature results in a logon session. If a user wants to access a resource that is located on another machine during its logon session, another authentication process will be started: This authentication process is referred to as a noninteractive logon method or network logon method. A valid noninteractive logon method results in a network logon session.

Every entity that authenticates to a Windows system is called a principal. A principal is identified by its Security Identifier (SID); to prove its identity during an authentication process, a principal uses credentials. Credentials allow principals to be distinguished from one another and to identify them. Examples of credentials are a principals account name and its password. If the operating system accepts this type of credentials for authentication, the fact that the principal knows its account name and password is regarded by the operating system as a proof of its identity. Do not confuse principal and account: An account is a record in an authentication authoritys database; a principal is an entity that can be identified by a Windows system. 

The authentication authority differs depending on what you are logging on to. If you log on locally to a machine, it is the Local Security Authority (LSA) on the machine itself, but if you log on to a domain, authentication is performed against the LSA of a domain controller. To be able to validate a principals identity, the authentication authority needs a copy of a principals credentials, which are stored in the authentication database.

For more details read book - "Windows Server 2003 Security Infrastructure" which covers lots of stuff and is quite comprehensive.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now