[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 803
  • Last Modified:

difference between Windows account and Active Directory


Hi

what is the difference between Windows account and Active Directory
thanks,
0
ram27
Asked:
ram27
1 Solution
 
Macros82Commented:
That is an odd question.

Active Directory is a centralised platform/directory for managing permissions on user and computer accoutns and for applying group policy for a Windows Domain. It also provides a Domain authenitcaiton which is more secure than local authentication
Windows account is... well im not sure what you are talking about here. Are you talking about local machine accounts?
0
 
askbCommented:
In a Windows environment, a user bootstraps the authentication process by pressing CTRL+ALT+DEL [this is known as the Secure Attention Sequence (SAS)] to log on to a machine or a domain. Microsoft calls this method of authenticating a user to the Windows system an interactive logon feature or local logon feature. A valid interactive logon feature results in a logon session. If a user wants to access a resource that is located on another machine during its logon session, another authentication process will be started: This authentication process is referred to as a noninteractive logon method or network logon method. A valid noninteractive logon method results in a network logon session.

Every entity that authenticates to a Windows system is called a principal. A principal is identified by its Security Identifier (SID); to prove its identity during an authentication process, a principal uses credentials. Credentials allow principals to be distinguished from one another and to identify them. Examples of credentials are a principals account name and its password. If the operating system accepts this type of credentials for authentication, the fact that the principal knows its account name and password is regarded by the operating system as a proof of its identity. Do not confuse principal and account: An account is a record in an authentication authoritys database; a principal is an entity that can be identified by a Windows system. 

The authentication authority differs depending on what you are logging on to. If you log on locally to a machine, it is the Local Security Authority (LSA) on the machine itself, but if you log on to a domain, authentication is performed against the LSA of a domain controller. To be able to validate a principals identity, the authentication authority needs a copy of a principals credentials, which are stored in the authentication database.


For more details read book - "Windows Server 2003 Security Infrastructure" which covers lots of stuff and is quite comprehensive.

0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now