Solved

local computer vs. local admin on domain - Need proper terminology clarification

Posted on 2009-07-02
12
411 Views
Last Modified: 2012-05-07
Hello, my question is not really how to do this, it's more on the terminology I should use when describing it.

Let say I was on a domain enviroment, let's call it 'Litwareinc.com' and I had several xp clients.  Let's call one of my xp clients 'Computer1' and 'User1' has these rights below:

User Name                         Domain                      Group
user1                                 Litwareinc                  Administrators
user1                                 Comptuer1                 Administrators

I know exactly how to configure this.  But my question is, how would you describe 'user1', what is the proper description of what kind of user he is?
0
Comment
Question by:jkimzlg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +2
12 Comments
 
LVL 1

Expert Comment

by:Naerwen
ID: 24763706
user 1 is a domain administrator AS WELL as an administrator on the local machine.
0
 
LVL 1

Author Comment

by:jkimzlg
ID: 24764110
but doesn't domain administrator sound like domain admin on AD?  if you said just domain administrator would someone know that you were referring to an xp client computer?
0
 
LVL 7

Expert Comment

by:spamster
ID: 24764142
User 1 is a domain administrator and local administrator
If you say he's a domain admin or domain administrator, it would mean that he's an administrator of the LitwareInc domain - which also means that by default he's a local administrator on every computer.
If you said just "domain administrator" I don't think anyone in the field would guess you were talking about a local computer administrator.
0
Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

 
LVL 1

Expert Comment

by:Naerwen
ID: 24764525
It would depend on the context of your discussion. Domain Admins are, by default,  local administrators. So if you are in a discussion with someone and said "I am the domain admin." That person would assume that you are also a local administrator on the client's machine.
Alternativelty, if your organization is huge 500-1000+ then being a domain admin doesn't necessarily mean that you have unrestricted access to all the computers within a given domain. It would depend on many variables. In my current network, we do not make users local administrators at all. And we are not, domain administrators. We are part of an OU that has a GPO assined to it and that gives us the administrative access that we need to execute our work.
 
Naerwen
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24764724
but doesn't domain administrator sound like domain admin on AD?  if you said just domain administrator would someone know that you were referring to an xp client computer?
Like others have said domain admins have rights over everything...in fact a savy domain admin can take control of the forest.  
I basically equate domain admins to "god rights"...so you have to be careful who is in that group.
Thanks
Mike
0
 
LVL 1

Author Comment

by:jkimzlg
ID: 24765546

I'm only talking about the WIN XP CLIENT COMPUTER:

User Name                         Domain                      Group
user1                                 Litwareinc                  Administrators

"user1 is a Domain Administrator on this computer ONLY."  is this the correct way of saying it?  is there a better way to say this?  or am I still wrong?
0
 
LVL 7

Accepted Solution

by:
spamster earned 250 total points
ID: 24765582
No, then user1 is a "Local Administrator on Computer1"
0
 
LVL 1

Author Comment

by:jkimzlg
ID: 24765667
Maybe I am not explaining this correctly.  

User Name                         Domain                      Group
user1                                 Litwareinc                  Administrators             (domain is Litwareinc.com)
user1                                 Computer1                 Administrators              (Computer 1 (this computer))

again, this is all configured on win xp client named Computer1.  
0
 
LVL 1

Expert Comment

by:Naerwen
ID: 24765700
No, user1 is not a "Domain Administrator" on Computer 1... He is only a "Local Administrator" on "Computer 1".
 
 
0
 
LVL 4

Expert Comment

by:pnrhait
ID: 24765719
User Name                         Domain                      Group
user1                                 Litwareinc                  Administrators (Domain Admin)
user1                                 Comptuer1                 Administrators (Local Admin)

It also depends on how the user logs in for the proper terminology. If user1 logs into Litwareinc Domain then he is logging in using his Domain Admin account, but if he logs into the computer locally then he is using his local admin account.


0
 
LVL 1

Assisted Solution

by:Naerwen
Naerwen earned 250 total points
ID: 24765743
Let say I was on a domain enviroment, let's call it 'Litwareinc.com' and I had several xp clients.  Let's call one of my xp clients 'Computer1' and 'User1' has these rights below:

User Name                         Domain                      Group
user1                                 Litwareinc                  Administrators
user1                                 Comptuer1                 Administrators

 
 
Then, in that case, in conversation, you would say; "I have a computer that is part of a domain and I am the 'Local Admin' on it." This would indicate to the other person that you are the administrator of the machine. The other person may or may not assume you are a Domain Administrator.

Naerwen
0
 
LVL 1

Author Comment

by:jkimzlg
ID: 24766607
appreciate the help, thanks for trying to answer my question.

I think this is what i wanted, if anyone has anything to add please do.

User Name                         Domain                      Group
user1                                 Litwareinc                  Administrators             (domain is Litwareinc.com)
user1                                 Computer1                 Administrators              (Computer 1 (this computer))

"user1 has an 'Admin Account' on computer1, and user1 is a local administrator on computer1 on the Litwareinc domain"
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question