Benefits of Windows domain accounts: an introduction to the advantages of the domain controller

  • 2020-05-09 19:42:31
  • OfStack

Especially when I first joined the company, my first task was to study how to configure and manage TFS, SharePoint and SQL Server. The use of domain accounts once shocked me a lot; sometimes it overturned my way of thinking. I was really convinced by it. I don't know how much trouble it would have been if I hadn't had a domain account. After using it for a period of time, this is what I noticed and used:

A domain account can log in on any computer that has joined the domain.
Add a domain user group as a SQL Server login, and everyone in that group can log in to the database with their domain account and inherit the group's permissions.
Domain users can log in to Team Foundation Server, SharePoint and so on without entering a user name or password; they are recognized automatically.
Domain user passwords are stored on the server and can be governed centrally by policy, so they are not easily cracked and are more secure than local accounts.
In AD, you can look up everyone's department, position, mobile phone, extension, etc.
You can set up mailboxes for domain users and domain user groups, and email sent to a group is delivered to everyone in the group.

The result of this shock was that I wanted to find out what other advantages it has! As a result, I found the following article (lightly edited and tidied up):

Advantages of domain controllers

1. Centralized authority management and reduced management cost

In a domain environment, all network resources, including users, are maintained on the domain controller for centralized management. Once users log in to the domain, they are authenticated within the domain. Administrators can manage computer resources more effectively, and the cost of managing the network is greatly reduced.
Preventing employees from installing software at will on clients improves client security, reduces client failures and lowers maintenance costs.
Through domain management, software and patches can be distributed and assigned effectively, so that an installation is done once for the whole network and the software on the network stays uniform.
With ISA, Internet access can be decided per user. Otherwise, it is decided per IP address.

2. Security is strengthened and permissions are more clearly defined

It helps with managing confidential information: for example, a disk can be readable and writable by one person but not by another; a file can be restricted to a particular person; or someone can be allowed to view a file but not delete, change or move it.
USB ports on clients can be blocked to prevent the leakage of confidential company information.
Security is fully integrated with Active Directory. Access control can be defined not only on each object in the directory, but also on the properties of each object. Active Directory provides both the storage and the scope of application for security policies. A security policy can include account information such as domain-wide password restrictions or access rights to domain-specific resources. Security policies are issued and enforced through Group Policy settings.
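
As an added example (not part of the original article), the following PowerShell sketch reads the domain-wide password policy mentioned above and reports where it is weaker than a baseline. The baseline values are assumptions chosen for illustration, and the script assumes the ActiveDirectory module (RSAT) and read access to the domain.

```powershell
# Added example: audit the domain-wide password and lockout policy.
Import-Module ActiveDirectory

# Assumed baseline for illustration; replace with your organization's standard.
$Baseline = @{
    MinPasswordLength    = 14
    PasswordHistoryCount = 24
    LockoutThreshold     = 10
}

function Test-DomainPasswordPolicy {
    param(
        [Parameter(Mandatory)] $Policy,              # from Get-ADDefaultDomainPasswordPolicy
        [Parameter(Mandatory)] [hashtable] $Baseline
    )
    $findings = @()
    if ($Policy.MinPasswordLength -lt $Baseline.MinPasswordLength) {
        $findings += "MinPasswordLength is $($Policy.MinPasswordLength); baseline is $($Baseline.MinPasswordLength)"
    }
    if ($Policy.PasswordHistoryCount -lt $Baseline.PasswordHistoryCount) {
        $findings += "PasswordHistoryCount is $($Policy.PasswordHistoryCount); baseline is $($Baseline.PasswordHistoryCount)"
    }
    if (-not $Policy.ComplexityEnabled) {
        $findings += 'Password complexity is disabled'
    }
    if ($Policy.ReversibleEncryptionEnabled) {
        $findings += 'Passwords are stored with reversible encryption'
    }
    # A threshold of 0 means accounts are never locked out.
    if ($Policy.LockoutThreshold -eq 0 -or $Policy.LockoutThreshold -gt $Baseline.LockoutThreshold) {
        $findings += "LockoutThreshold is $($Policy.LockoutThreshold); baseline is 1..$($Baseline.LockoutThreshold)"
    }
    return $findings
}

$policy   = Get-ADDefaultDomainPasswordPolicy
$findings = Test-DomainPasswordPolicy -Policy $policy -Baseline $Baseline
if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'Default domain password policy meets the baseline.'
}

# Fine-grained password policies override the domain default for the users
# and groups they apply to, so list them as part of the same review.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Select-Object Name, Precedence, MinPasswordLength, AppliesTo
```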

3. Account roaming and folder redirection

The working files and data of a personal account can be stored on the server, where they are backed up and managed centrally, so the user's data is more secure. When a client fails, the user simply installs the appropriate software on another client and logs in with the same account, and will find that their files are still "where they were" (for example, in My Documents) and not lost, which allows faster troubleshooting.
Shadow copy technology allows users to retrieve a previous version of a file or an accidentally deleted file (limited to the 32 versions that have been saved). When the server goes offline (down or otherwise), the "offline folder" technology automatically lets the user continue working with the locally cached version of the file and synchronizes it with the files on the server when the user logs out of or in to the system, ensuring that the user's work is not interrupted.

4. It is convenient for users to use various shared resources

The administrator can assign a login script that maps the root of the Distributed File System, so that resources are managed in one place. Once users log in, they can use the resources on the network just like local ones, without entering a password again, and they only need to remember one user name/password pair.
Access, read and modify permissions can be set on each resource, and different accounts can have different access permissions. Even if the location of a resource changes, the user does not need to do anything: the administrator only has to update the link target and set the relevant permissions. The user will not even be aware that the resource has moved, whereas in the past users had to remember which resources were on which server.

5. SMS (Systems Management Server)

It can distribute applications, system patches and so on. Users can choose to install them, or the system administrator can assign them to be installed automatically. It can also manage system patches (such as Windows Updates) centrally, so that not every client has to download the same patch, which saves a lot of network bandwidth.

6. Flexible query mechanism

Users and administrators can use the Start menu, My Network Places, or the search command in Active Directory Users and Computers to quickly find objects on the network by their properties. For example, you can find users by first name, last name, e-mail name, office location, or other attributes of the user account. Searches are optimized by using the global catalog.
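
The attribute search described above, as an added PowerShell example that is not part of the original article: it looks up users in the global catalog by first name, last name, e-mail or office. The function names and the server name in the usage line are hypothetical, and the ActiveDirectory module (RSAT) is assumed. Values are escaped before they enter the LDAP filter so that input from a form or script cannot change the query.

```powershell
# Added example: search the global catalog for users by attribute.
Import-Module ActiveDirectory

# Escape characters that are special in an LDAP filter (RFC 4515).
# The backslash is replaced first so later escapes are not double-escaped.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)] [string] $Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace "`0", '\00'
}

function Find-DirectoryUser {
    param(
        [string] $GivenName,
        [string] $Surname,
        [string] $Mail,
        [string] $Office,
        # Global catalog endpoint, host:3268 (assumed to be supplied by the caller)
        [Parameter(Mandatory)] [string] $GlobalCatalog
    )
    # Map the search fields to their LDAP attribute names.
    $map = @{
        givenName                  = $GivenName
        sn                         = $Surname
        mail                       = $Mail
        physicalDeliveryOfficeName = $Office
    }
    $clauses = foreach ($attr in $map.Keys) {
        if ($map[$attr]) { "($attr=$(ConvertTo-LdapFilterValue $map[$attr]))" }
    }
    if (-not $clauses) { throw 'Supply at least one attribute to search on.' }

    # All supplied attributes must match exactly; wildcards are escaped on purpose.
    $filter = "(&(objectCategory=person)(objectClass=user)$(-join $clauses))"
    Get-ADUser -LDAPFilter $filter -Server $GlobalCatalog `
               -Properties mail, physicalDeliveryOfficeName |
        Select-Object Name, GivenName, Surname, mail,
                      physicalDeliveryOfficeName, DistinguishedName
}

# Usage with a placeholder server name:
# Find-DirectoryUser -Surname 'Smith' -Office 'Building 4' -GlobalCatalog 'dc01.corp.example:3268'
```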

7. Better extensibility

The Active Directory of Windows 2000 is highly extensible: administrators can add new object classes to the schema or add new properties to existing object classes. The schema contains the definition of each object class that can be stored in the directory and the properties of that object class.

8. Easy integration with Microsoft software

For example, ISA, Exchange, Team Foundation Server, SharePoint, SQL Server and so on.
