A Windows ___domain is a form of a computer network in which all user accounts, computers, printers and other security principals, are registered with a central database located on one or more clusters of central computers known as ___domain controllers. Authentication takes place on ___domain controllers. Each person who uses computers within a ___domain receives a unique user account that can then be assigned access to resources within the ___domain. Starting with Windows Server 2000, Active Directory is the Windows component in charge of maintaining that central database.[1] The concept of Windows ___domain is in contrast with that of a workgroup in which each computer maintains its own database of security principals.

Configuration

edit

Computers can connect to a ___domain via LAN, WAN or using a VPN connection. Users of a ___domain are able to use enhanced security for their VPN connection due to the support for a certification authority which is gained when a ___domain is added to a network, and as a result, smart cards and digital certificates can be used to confirm identities and protect stored information.

Domain controller

edit

In a Windows ___domain, the directory resides on computers that are configured as ___domain controllers. A ___domain controller is a Windows or Samba server that manages all security-related aspects between user and ___domain interactions, centralizing security and administration. A ___domain controller is generally suitable for networks with more than 10 PCs. A ___domain is a logical grouping of computers. The computers in a ___domain can share physical proximity on a small LAN or they can be located in different parts of the world. As long as they can communicate, their physical ___location is irrelevant.

Integration

edit

Where PCs running a Windows operating system must be integrated into a ___domain that includes non-Windows PCs, the free software package Samba is a suitable alternative. Whichever package is used to control it, the database contains the user accounts and security information for the resources in that ___domain.

Active Directory

edit

Computers inside an Active Directory ___domain can be assigned into organizational units according to ___location, organizational structure, or other factors. In the original Windows Server Domain system (shipped with Windows NT 3.x/4), machines could only be viewed in two states from the administration tools; computers detected (on the network), and computers that actually belonged to the ___domain. Active Directory makes it easier for administrators to manage and deploy network changes and policies (see Group Policy) to all of the machines connected to the ___domain.

Workgroups

edit

Windows Workgroups, by contrast, is the other model for grouping computers running Windows in a networking environment which ships with Windows. Workgroup computers are considered to be 'standalone' - i.e. there is no formal membership or authentication process formed by the workgroup. A workgroup does not have servers and clients, and hence represents the peer-to-peer (or client-to-client) networking paradigm, rather than the centralized architecture constituted by Server-Client. Workgroups are considered difficult to manage beyond a dozen clients, and lack single sign on, scalability, resilience/disaster recovery functionality, and many security features. Windows Workgroups are more suitable for small or home-office networks.

See also

edit

Notes

edit
  1. ^ Northrup, Tony. Introducing Microsoft Windows 2000 Server, Microsoft Press, 1999. ISBN 1-57231-875-9