Windows domain and workgroup

Domain definition
DOMAIN
A Domain is an independent unit running on a Windows network. To access each other, You must establish a Trust relationship (Trust Relation ). A trust relationship is a bridge between a domain and a domain. After a domain has established a Trust Relationship with other domains, the two domains can not only manage each other as needed, but also allocate device resources such as files and printers across the network, allows you to share and manage network resources between different domains.
A domain is not only a logical organizational unit of a Windows network operating system, but also a logical organizational unit of the Internet. In a Windows network operating system, a domain is a security boundary. The domain administrator can only manage the domain. Only when other domains explicitly grant management permissions to others can the domain administrator access or manage other domains. Each domain has its own security policy, and its security trust relationship with other domains.
Domain: A domain is a management boundary used for a group of computers to share a shared security database. A domain is actually a collection of servers and workstations.

In a file system, a field is also called a field, which is a basic unit that cannot be further divided into indexes. A field contains a value. Such as the student name. You can describe the data type (such as binary, character, String, etc.) and length (the number of bytes occupied.

Relationship between domain and workgroup
In fact, we can associate the domain with the Working Group to understand that all your settings on the working group include various policies on the local machine. User logon is also performed on the local machine, the password is verified in the local database. If your computer is added to the domain, all the policies are set by the domain controller. The user name and password are also verified by the domain controller, in other words, your account and password can be logged on to any computer in the same domain.
If the Working Group is a "Free hotel", the Domain is a "Star Hotel". The Working Group can go in and out, while the Domain must be strictly controlled. The true meaning of "domain" refers to the combination of computers that the server controls whether computers on the network can join. When it comes to combination, strict control is required. Therefore, strict management is necessary for network security. In peer-to-peer mode, any computer can access shared resources, such as Internet sharing, as long as it is connected to the network. Although shared files on a peer-to-peer network can be used with access passwords, they are easily cracked. In an equivalent network consisting of Windows 9x, data transmission is extremely insecure.
A working group is a set of computers. It is only a set of logic. Each computer is managed by itself. You need to access the computer, it is still necessary to implement user verification on the accessed computer. Different domains are a set of computers with security boundaries. Computers in the same domain have established trust relationships with each other to access other machines in the domain, you no longer need to be authorized to access the machine. Why? The Administrator creates a computer account for each computer in the domain (which may not be in the same domain as the user) when the computer is added to the domain. The account is password-protected like the user account. But you have to ask, I have never entered any password. Yes, you did not enter it. The password of a computer account is not called a password. It is called a logon ticket in the domain, it is issued and maintained by KDC service on 2000 of DC (Domain Controller. To ensure system security, KDC automatically updates all bills every 30 days and records the tickets used last time. Cycle. That is to say, the server keeps two tickets for 60 days. After 60 days, the tickets used last time are discarded by the system. If the ticket contained in your GHOST backup is 60 days, the computer will not be verified by the KDC service, and the system will disable any access requests (including logon) on this computer ), the solution is to remove the computer from the domain and re-join the computer. The KDC service will reset the ticket. Alternatively, use the NETDOM command in the 2000 resource package to forcibly reset the Security ticket. Therefore, in a domain environment, do not use GHOST to back up the system partition after the computer is added to the domain. If yes, make sure that the backup is performed within 60 days during recovery, if the quota is exceeded, contact your system administrator. You can ask the Administrator to reset the computer security ticket. Otherwise, you will not be able to renew the domain environment.