Active directory: Workgroup vs Domain networks

Definition

Active Directory is a directory service developed by Microsoft for Windows domain networks. It comes as a range of processes and functions for most Windows Server operating systems (Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012)

A directory is a hierarchical entity that retains information about items on a network. The techniques for storing directory data and making it available to network users and administrators are provided by a directory service, such as Active Directory Domain Services (AD DS). For example, AD DS maintains user account information including names, passwords, phone numbers, and so on, and allows authorized users on the network to access it.  

AD stores the data of many items are known as AD objects and they are typically the shared resources like servers, computer accounts, network users, volumes, and printers.

Security 

The security in AD is handled using logon authentication and access control to objects in the directory.

Administrators may manage directory data and organization across their network with a single network logon, and authorized network users can access resources from anywhere on the network. Even the most complex network can be managed more easily with policy-based administration.

Workgroup vs Domain accounts

What are domain accounts? 

Domain accounts are designed for the purpose of managing networks and resources on workplace networks. This type of account is the most tightly controlled of all Windows accounts and is managed by a network administrator.

Domain accounts are controlled by servers, also known as domain controllers (DC). Network admins use DCs to manage security and permissions for all computers in the domain.

To be a domain account, an Active Directory account must be created for the domain account. Active Directory is hosted on a local server, or on Microsoft Azure. With Azure Active Directory, credentials are managed in the cloud instead of a local server. There are six common characteristics of a domain account: 

  • Domain accounts need an account to log into a computer joined to the domain 
  • Domain controllers manage computers on the domain 
  • There can be potentially thousands of computers joined to a domain 
  • Computers on a domain can be on different local networks (different LANs)
  • Domain accounts can log into any of the other computers on the domain by using their domain login credentials 
  • Only limited changes can be made by the domain account user, the administrator has the full access

What are workgroup accounts?

A workgroup is a grouping of interconnected computers on a LAN that hold common resources and duties in computer networking. A workgroup is Microsoft's term for a peer-to-peer local area network.

Workgroup accounts are the default account for Windows computers and belong to the most basic of network infrastructures. This means that unless you join a domain (or a homegroup), your account will remain in a workgroup. Unlike domains, workgroups are not managed by a domain controller server. Rather, no computers in the workgroup have control over the others. This type of account is suitable for homes, small businesses, and clusters of computers that reside on the same local area network (LAN). The biggest benefit for the user with workgroup accounts is that users can make changes with a local group policy that would be impossible in a domain without administrator credentials.

  • No computer in the workgroup has control over any other computer; instead, they are peer computers, in other words, there's no hierarchy 
  • Each computer in the workgroup has multiple accounts associated with it. 
  • Each workgroup account can only log into the workgroup computer it belongs to 
  • Workgroup accounts are not password-protected 
  • Computers in a workgroup must all be on the same LAN or subnet 
  • The number of computers in a workgroup is far smaller than in a domain. This breaks down to an average of 20 computers for a workgroup

resources.infosecinstitute.com



Comments

Post a Comment

Popular posts from this blog

OpenVas: Vulnerability Scanning | Installation Guide

Nmap | TryHackMe Walkthrough

Wireshark for Security Analysis | Customization & Common features