User groups, Introduction to AD domain control

The "free" working Group     Working Group (Work group) is the ability to separate different computers into different groups by function to facilitate management. For example, in a network, there may be hundreds of thousands of working computers, if these computers do not group, are listed in the "Network Neighborhood", it is conceivable how messy (I am afraid the network will also show "next Page" bar). In order to solve this problem, windows 9x/nt/2000 quoted the concept of "working group", such as a university, which would be divided into mathematics department, Chinese department and so on, then the computer of mathematics department is all included in the Working Group of Mathematics Department, the Chinese department computer is all included in the Working Group of Chinese Department ...... If you want to access a department of resources, in the "Network Places" to find the department's workgroup name, double-click to see the Department of the other computer.     So how do you get involved in a workgroup? In fact, the method is very simple, just right click on the Windows desktop "Network Places", in the pop-up menu select "Properties", click "Identity", in the "Computer name" column to add your desired name, in the "Workgroup" column to add the name of the workgroup you want to join. If the workgroup name you entered is a non-existent workgroup, it is equivalent to creating a new workgroup, and of course only your own computer. Note, however, that the computer name and workgroup cannot be longer than 15 English characters, and you can enter Chinese characters, but not more than 7 characters. "Computer description" is an additional information, do not fill it out, but it is better to fill in some of this computer owner's information, such as "Math system host" and so on. After you click the OK button, Windows 98 prompts you to restart, restart as required, and then go to My Network Places to see the members of your workgroup.     Relatively speaking, the members of the same team have the highest frequency of exchanging information with each other, so when you enter the "Network Neighborhood", you first see the members of your working group. If you want to access members of other workgroups, you need to double-click the entire network, and then you will see other workgroups on the network, double-click the names of the other workgroup so that you can see the members inside and exchange them for resources.     Besides, you can also quit a workgroup, and the method is simple, just change the workgroup name. However, you can still access your shared resources on the Internet, just to change a workgroup. That is, you can easily join any workgroup on the same network or leave a workgroup at any time. "Workgroup" is like a club that joins and exits freely. Its function is merely to provide a "room" to facilitate the browsing of resources shared by the Internet computer.     domain management and setup     For example, if the workgroup is "free hotel" then the domain is "star hotel", the workgroup can be casually passed his door, and the domain needs to be tightly controlled. The true meaning of "domain" refers to the combination of computers on which the server controls whether computers on the network can join. A mention of the combination, it is bound to require strict control. Therefore, it is necessary to implement strict management for network security. In peer mode, any computer with access to the network, other machines can access shared resources, such as shared Internet access. Although shared files on the peer network can be accessed with passwords, they are easily cracked. In a peer network composed of windows 9x, the transmission of data is very insecure.     However, in "domain" mode, at least one server is responsible for each TSU into the network computer and the user's verification work, the equivalent of a unit of the doorman, called "Domain Controller (domain controller, abbreviated to DC)." The     domain controller contains a database of information, such as the account, password, and computer belonging to the domain. When the computer is linked to the network, the domain controller first to identify whether this computer belongs to this domain, the user is using the login account exists, the password is correct. If the information above is not correct, then the domain controller will deny the user from logging on to this computer. Unable to log on, the user can not access the server has rights to protect the resources, he can only be a peer user access to Windows shared resources, to some extent, to protect the resources on the network.     to put a computer into the domain, just so that it and the server in the Network Neighborhood can "see" to the other is not enough, you must be the network administrator to set up the corresponding computer to join the domain. This will enable sharing of files.

First, the Microsoft ad-based domain model, the greatest advantage is the implementation of centralized management. Previously in countless clients to repeat the settings more than once, as long as the domain controller to do a set on it. Reduce the workload of administrators, and even reduce the cost of maintaining corporate networks, reducing TCO. Convenient for administrators.
Second, for the ordinary users in the domain may not be a good thing, the original is a workgroup everyone is the local computer administrator, want to install QQ installed QQ, want to install Thunderbolt installed Thunder, everyone is local despot. After the domain mode. Ordinary domain users for the client's poor, can say the administrator to do what to do, lost control of the host. For ordinary working hours to fry a stock, play a game, a mess of the software to the people there is no any benefits. But the company is not an Internet café, this can improve the efficiency of work, is in line with the overall interests of the company.
Third, the ad is a large security boundary, the user as long as the login to verify the identity, the domain forest all allowed access to resources can be directly accessible, no more authentication, but also improve the efficiency of reducing maintenance costs.
iv. for user benefits, through Folder Redirection we can redirect all user desktops ' My Documents ' to the file server. One can centrally back up without worrying about user data loss due to client reload and failure, and it is possible to find your own "My Documents" for documents to follow, regardless of which computer the user logs on in the domain.

User groups, Introduction to AD domain control