Windows Domains

In order for a user working on a computer running Windows XP Professional to connect to and access domain resources, both the user and the computer must have domain accounts. Unlike stand-alone computers or computers that are part of a workgroup-based network, computers that join a domain are subject to domain administration. This includes being subject to:

• Domain security settings

• Domain group policies

• Domain user policies

Unlike stand-alone and workgroup computers, a computer joined to a Windows domain cannot use the Windows Welcome screen. Users must instead press Ctrl+Alt+Delete and use the Log On to Windows dialog to log on and to authenticate.

Domain User Accounts

When connected to a Windows domain, Windows XP Professional supports the following types of user accounts.

• Local account. Provides access to resources located on the computer where the user account is defined

• Domain account. Allows users to log into the domain and then access any computer or resource to which the user has been given access

Each domain user is assigned a user account, which allows the user to log on from any computer defined to the domain and to access any network resources for which the user has been granted access. Domain user accounts are stored in the active directory, which is managed by a collection of computers known as directory servers.

Users have two options when logging on to a computer that is connected to a domain network.

• Log on locally to the computer, which limits access to local resources

• Log on to the domain, which provides access to domain resources

When a user logs on to a computer running Windows XP Professional, his or her user ID and password are passed to the SAM or to a domain controller, depending on which login option was selected. If the user is logging in to the domain, the user's username and password are passed to a domain controller for authentication. If a match occurs, the user is permitted to complete the login process and an access token is generated, which is then used to determine what resources the user is permitted to access on the local computer and other network resources.

Adding a Computer to a Domain

In order for a user with a computer running Windows XP Professional to connect to a Windows domain, the user must have a domain user account. In addition, the computer running Windows XP Professional must have a computer account on the domain.The computer's domain account can be set up in advance by a domain administrator, allowing the computer to join the domain when Windows XP Professional is installed. Alternatively, the person installing Windows XP Professional may create a domain account for the computer during the installation process, provided that the person performing the installation is a domain administrator.

The computer can also be added to a domain after installation using the following procedure.

1. Click on Start and then right-click on My Computer and select Properties.

2. Select the Computer Name property sheet, as shown in Figure 18.12.

   
   Figure 18.12: Changing the name assigned to a computer running Windows XP Professional

3. Click on Change.

4. The Computer Name Changes dialog appears, as shown in Figure 18.13.

   
   Figure 18.13: Adding a computer running Windows XP Professional to a Windows domain

5. Select Domain and type the name of the domain to which the computer is to be joined. The computer name must exactly match the name assigned to the computer by the domain administrator.

6. If a computer account has not already been established for the computer, type a username and password for a domain administrator when prompted and click on OK.

7. A pop-up message will appear welcoming the computer to the domain. Click on OK.

8. Click on Yes when prompted to restart the computer.