Brendan,
Thanks for your reply....
>The reason that it is different on the PDC or a BDC is because the
>Domain user database is the same as the local user database for those
>machines.
If a user (test000) on a NT workstation (local account - ie logs in
locally) tries to access a share on a server SERV1 (member server not
PDC /BDC) belonging to a domain DOM1 and the user account test000
exists as a domain user on DOM1. The share on SERV1 is set to 'Full
Control' for Everyone. Passwords are the same on the workstation and
domain account on the PDC/BDC.
Would this mean the user will be challenged or rejected?
Would the mapping be successful or without challenge, if the user logs
into the domain DOM1 from the workstation (not using the local SAM)?
>Hope this helps and that I didn't turn a simple concept into
>a complex one...I tend to rant a bit :)
Indeed this was helpful, thanks again.
Jo
>Jo,
>This is a normal part of Windows NT/2000 security. When the
>workstation is logged into locally, a username and password is
>activated and lets you in. The security on this account is local, so
>it could be a user, power user, or admin account, whatever you have
>set up for it. Now, when you go out to map a network share on a remote
>system, what happens is that you send a packet that contains your user
>id and password to the remote system. If it is an NT box (workstation
>or server), it checks your information versus its user database. If
>your credentials on both systems are identical, it authenticates you
>on the remote system with whatever access you have rights to. It then
>checks what you are trying to do (e.g. access a shared folder in this
>case) and verifies that your account on that system has the right to
>do so. If it does, it grants it, if it does not, you are rejected.
>Now, if you were on a domain, and tried to map to a share that was on
>a standalone server or a remote workstation that you did NOT have an
>account on, you would be challenged for a username and password. You
>would either have to create a local account on the standalone server
>or be logged into the same domain with it so you could access shares.
>The reason that it is different on the PDC or a BDC is because the
>Domain user database is the same as the local user database for those
>machines. Hope this helps and that I didn't turn a simple concept into
>a complex one...I tend to rant a bit :)
>Brandon
>> Hi
>> Could someone please explain or lead me to where I can get further
>> information.
>> Scenario:
>> I create a local user on an NT 4.0 Workstation , eg. test000
>> I create an account on a NT 4.0 Server (enterprise ed. a PDC) the id
>> and password as the workstation user id - the user belongs to the
>> domain users group.
>> I create a share on the server eg: d:\files with permission granted to
>> everyone.
>> Now I log into the workstation locally, without authenticating
>> outside, (ie using the local sam.)
>> I try mapping a drive to the NT server share, and the drive is mapped
>> automatically without any challenge.
>> My question is why does this automatically happen ? aren't there two
>> separate SAM databases, on the local machine and the sam on the PDC??
>> However if I can change either password, (ie no longer in sync), only
>> then I get a challenge.
>> Does this happen in WIN2K ????
>> Thanks
>> Jo