Windows NT Server introduces several new concepts for you (the network administrator) to consider while working with your network. In this chapter, we'll take a look at the differences between workgroups and domains, and introduce the trust concept. Then, we'll examine the differences among the Windows NT Server modes of operation. Following our modes-of-operation discussion will be an introduction to the domain models supported by Windows NT Server. Finally, we will spend some time discussing workstations and servers. This discussion will include the types of workstations and servers you may find on your network. We have a lot of ground to cover, so let's get started.
If you have used Windows for Workgroups or Windows 95, you might already be familiar with the workgroup concept. Then again, maybe not, which is why we will discuss the properties of the workgroup and domain models. This will give you a better understanding of how workgroups and domains work, why you might choose one over the other, and maybe even why you might want to use both simultaneously. So, having said that, let's take a look at the workgroup model.
A workgroup is a casual affiliation of computers logically grouped into a single access point. This organization cuts down on the clutter when your users browse for resources on the network. Instead of seeing all the resources shared on the network, users first see the shared resources of the workgroup they belong to. They will only see resources in other workgroups if they explicitly browse to another workgroup. Aside from cutting down on the clutter a user sees, a workgroup cuts down on network traffic. This is because each browse request requires either a browse master (a computer that maintains a static list of online computers belonging to a workgroup) or the computer being browsed for shared resources to respond with a list of the resources being shared. Because most users find the resources they want in their own workgroup, the number of browse requests decreases.
All security in a workgroup is based on the local computer (i.e., the computer sharing the resource). This creates a serious administrative chore because all workgroup computers must have the same user accounts defined if you want to allow other computer users to access your shared resources transparently (i.e., without requiring users to supply a user account and password) in a user access environment. A user access environment provides the ability to limit access to shared resources on an individual user basis. Each individual user can have different access restrictions. In a large workgroup environment (more than five computers), it is easier to use only share access to limit access to your shared resources. Share access uses an individual password for read-only access and another password for full access to your shared resources.
A domain is similar to a workgroup in that it provides the same grouping ability as a workgroup, but with one major difference. A domain has a centralized user database that resides on the domain controller. All user authentication is based on this central user database, which makes your life as a network administrator much easier.
Domains also include the ability to establish a secure, or trusted, connection. This concept of trust begins with the computer account assignment when you install Windows NT or when you manually create the computer account with Server Manager For Domains. A Windows NT computer cannot be a domain member without a computer account. However, you can access shared resources on a domain as a workgroup member, as long as you have a user account on the domain and there are no trust relationships defined for the domain.
Creating A Computer Account
Creating a computer account is a simple task, but it requires administrative privileges. The first way to create a computer account is during the Windows NT installation procedure. When you choose to join a domain (rather than a workgroup), you are presented with a dialog box. You use this dialog box to enter the domain name, the administrator's user account, and the administrator's password. This method works quite well, but it is rarely used because no administrator wants to give a user or technician an administrator account just to install Windows NT.
The alternative method is to use Server Manager For Domains. This is the preferred method because it forces users to use predefined computer names. After all, how many of you want to see computer names like FRODO, TOOCOOL, or the WIZ on your domain? To create a computer account for your user, follow the steps presented in this sidebar.
1. Launch Server Manager For Domains, which is located in your Administrative Tools program group.
2. Select Add To Domain from the Computer menu.
3. When the Add Computer To Domain dialog box appears, select the Windows NT Workstation Or Server radio button for a Windows NT workstation or server, or the Windows NT Backup Domain Controller radio button for a BDC, and then enter the computer name for the client in the Computer Name field.
4. Click OK, and the computer name will be added to the domain list, ready for use when your user installs Windows NT.
That's all there is to it. However, there is one important characteristic of a computer account you should be aware of. Every computer account has a unique security identifier (SID) associated with it. If you delete and re-create an account, the computer will not be able to access any domain resources because the computer is no longer a member of the domain. In order to rejoin the domain, the user would need to change to a workgroup first, then reboot the computer, and join the domain again. Both of these actions are performed via the Network Control Panel applet. The user has to do this because Windows NT caches the SID associated with the computer account in the registry. Unless a user joins a workgroup before rejoining the domain, the cached account would be used instead of obtaining the new SID associated with the newly created computer account.
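To make the SID mismatch concrete, the following added example (not from the book) encodes and decodes the binary SID layout and compares a cached computer-account SID with the SID of a re-created account. An account SID is the domain's SID followed by a relative identifier (RID), and a re-created account gets a new RID; the SID values and function names below are constructed for illustration.

```python
import struct

def encode_sid(sid: str) -> bytes:
    """Pack a string SID (S-revision-authority-sub1-sub2-...) into binary form."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError("not a SID: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15:
        raise ValueError("too many sub-authorities")
    # revision (1 byte), sub-authority count (1 byte), authority (6 bytes,
    # big-endian), then each sub-authority as a 32-bit little-endian integer
    return (struct.pack("BB", revision, len(subs))
            + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def decode_sid(raw: bytes) -> str:
    """Unpack a binary SID, rejecting truncated or over-long input."""
    if len(raw) < 8:
        raise ValueError("truncated SID")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def split_account_sid(sid: str):
    """Return (domain SID, RID); the RID is the last sub-authority."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def compare(cached: str, current: str) -> str:
    """Classify how a cached account SID relates to the account's current SID."""
    c_dom, c_rid = split_account_sid(cached)
    n_dom, n_rid = split_account_sid(current)
    if c_dom != n_dom:
        return "different domain"
    return "same account" if c_rid == n_rid else "same domain, different account"

# Constructed values: the same domain, with the computer account's SID
# before deletion (cached on the workstation) and after re-creation.
CACHED = "S-1-5-21-1004336348-1177238915-682003330-1105"
RECREATED = "S-1-5-21-1004336348-1177238915-682003330-1187"

if __name__ == "__main__":
    print(encode_sid(CACHED).hex())
    print(compare(CACHED, RECREATED))
```

The computer name is the same in both cases, but the domain only recognizes the second SID, which is why the stale cached value has to be discarded by leaving and rejoining the domain.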