Windows Server 2003 - SAM
Home | Editions | Security | Active Directory | Resources | Contents
Get the Book
Major Topics

Editions
Security
Active Directory
Resources
Contents
Other Topics
Up
SAM
DACL
Permissions
Inheritance
Auditing
AD
More Detail

Memory from Crucial.com


2004 Team Approach Limited
All rights reserved


Security Accounts Manager

For centralized administration, Windows Servers are managed with the Active Directory. However, for small numbers of computers can be configured in a workgroup where there is not centralized administration.  Workgroup computers do not access or create the Active Directory.  Every Windows server and workstation has a local SAM Security Accounts Manager database with local user and group accounts. In a workgroup environment, users authenticate locally on each computer. There is not connection between user accounts in the SAM database on one computer and user accounts in another computer's SAM database. If some users want access to multiple computer, then multiple computers accounts should be created on each computer.

Guest Account

In a workgroup environment, if a user needs access to 5 computer, you may wish to create user accounts on each of the 5 computer for that user. Five passwords are maintained and must be specified to complete the authentication for each computer accessed. If security is not important, the Guest Account can be enabled. If the Guest Account is enabled, then no authentication dialog is presented when a server is accessed. The remote access is authenticated with the Guest account and has whatever rights and permissions assigned to the Guest account.

Local Logon

It is possible to authenticate to accounts in the local SAM database, even for computer that a members of a domain. The logon dialog allows for the specification of the domain in the field labeled Logon to the. Although the domain is normally specified, you can also specify (this computer) to authenticate to a local SAM account. Access to the Active Directory is not possible with a local logon. Local account users can access the resources of the local computer but other servers are not accessible without further authentication.

Local users accounts are managed with the Computer Management console.

Keyboard Exercise

Find the local user accounts in the Computer Management console.