RE: Local Account Vs Domain Account

From: thalm (thalm_at_netcabo.pt)
Date: 01/20/04

  • Next message: Matthew Wagenknecht: "RE: Local Account Vs Domain Account"
    Date: Tue, 20 Jan 2004 18:47:19 -0000
    To: "Leon, Mauricio (Toronto)" <Mauricio.Leon@WatsonWyatt.com>, <focus-ms@securityfocus.com>
    
    

    Well, since you can specify the access rights in the local machine for the domain account, the possible security issues of Domain/Local Accounts are the same. The Domain account can even be configured as a "guest" in the local machine.
     
    As for security issues, remember the account with which the (COM+) package will run, needs only the "LogOn As a Batch Job" access right and (RX) Read Execute access to that specific DLL.
     
    Hope it helps,
    Tiago Halm
     

            -----Original Message-----
            From: Leon, Mauricio (Toronto) [mailto:Mauricio.Leon@WatsonWyatt.com]
            Sent: Tue 1/20/2004 2:59 PM
            To: focus-ms@securityfocus.com
            Cc:
            Subject: Local Account Vs Domain Account
            
            

            If you have to install a component or an application that runs using an
            account , what are the disadvantages/risks (from security standpoint)of
            using a Domain Account instead of a Local Account and vice versa.
            
            Mauricio
            
            ---------------------------------------------------------------------------
            ---------------------------------------------------------------------------
            
            

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Matthew Wagenknecht: "RE: Local Account Vs Domain Account"

    Relevant Pages

    • Re: Log-on in Peer to Peer vs. Log-on in client/server network
      ... The username/password is the one that you set up on the server (and the user ... you can import the local profile to the domain account ... > local machine such as installing software and such. ... Javier [SBS MVP] ...
      (microsoft.public.windows.server.sbs)
    • RE: "Debugger component on the server failed to connect"?
      ... I'm logged into my local machine as "\davesusername". ... Both machines belong to the same domain, so I added this same domain account to the Debugger Users group on my shared development server (devserver). ...
      (microsoft.public.vsnet.debugging)
    • Re: Remote Registry HKCU entries
      ... > I am trying to write a script (vbs) that will run under an operator's ... > domain account, connect to a local machine and add entries to another ...
      (microsoft.public.vb.general.discussion)
    • Re: Remote Registry HKCU entries
      ... > I am trying to write a script (vbs) that will run under an operator's ... > domain account, connect to a local machine and add entries to another ...
      (microsoft.public.vb.general.discussion)
    • Re: NTLM authentication
      ... EventLog and watch the security events after each bind. ... This should fail because authentication will be done to the LOCAL SAM and you said BOB ... where domain is your logon domain and user a domain account. ... makes it possible for the Security Provider to make a distinction between a local account ...
      (microsoft.public.dotnet.languages.csharp)