Michael Gray
asked on
The local Administrator account and a domain account that is a member of the local Aministrators group. How to simply describe the difference.
Looking for a good analogy to explain why using the local Windows Administrator account to perform all kinds of tasks works better than using any other domain account that is a member of the local Administrators group. I've read so many explanations of why there is a difference, but it is so hard so simply communicate the difference to other techs. Any thoughts?
In practice it's better to disable the local admin accounts (and rename them), since they can be messed with if someone has access to the computer. Using a domain account as a member of the local admins group is the way I'd go. Not sure i'd recommend using the local admin account to work on a domain computer.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
A domain account has rights across the domain and potentially on multiple computers.
I'd say there is no difference in practice as to whether a task is performed as a local Windows administrator or a domain account that is a member of the local administrators group.
Using the local Windows administrator account could be a problem on a network with large numbers of computers in terms of keeping passwords the same whereas with a domain account only one password is needed.
Why do you say that the local administrator account is better?