Lesson 3:Understanding Workgroups and Domains

Windows XP Professional supports two secure network environments in which users are able to share common resources, regardless of network size: workgroups and domains.


After this lesson, you will be able to

  • Identify the key characteristics of workgroups and domains and explain how they work

Estimated lesson time: 15 minutes


Workgroups

A Windows XP Professional workgroup is a logical grouping of networked computers that share resources, such as files and printers. A workgroup is also called a peer-to-peer network because all computers in the workgroup can share resources as equals (peers) without a dedicated server.

Each computer in the workgroup maintains a local security database, which is a list of user accounts and resource security information for the computer on which it resides. Therefore, using a local security database decentralizes the administration of user accounts and resource security in a workgroup. Figure 1.10 shows a local security database.

Figure 1.10 An example of a Windows XP Professional workgroup

A workgroup can contain computers running one of the Microsoft Windows NT and Windows 2000 Server products as long as the server is not configured as a domain controller. (Domain controllers are explained later in this lesson.) In a workgroup, a computer running Windows NT or Windows 2000 Server is called a stand-alone server.

Because workgroups have decentralized administration and security, the following are true:

  • A user must have a user account on each computer to which he or she wants to gain access.
  • Any changes to user accounts, such as changing a user's password or adding a new user account, must be made on each computer in the workgroup. If you forget to add a new user account to one of the computers in your workgroup, the new user will not be able to log on to that computer and will be unable to access resources on it.

A workgroup provides the following advantages:

  • It does not require inclusion of a domain controller in the configuration to hold centralized security information.
  • It is simple to design and implement. It does not require the extensive planning and administration that a domain requires.
  • It is a convenient networking environment for a limited number of computers in close proximity. However, a workgroup becomes impractical in environments with more than 10 computers.

Domains

A domain is a logical grouping of network computers that share a central directory database (see Figure 1.11). A directory database contains user accounts and security information for the domain. This database is known as the directory and is the database portion of Active Directory service, the Windows 2000 directory service.

Figure 1.11 A Windows 2000 domain

In a domain, the directory resides on computers that are configured as domain controllers. A domain controller is a server that manages all security-related aspects of user and domain interactions, centralizing security and administration.

You can designate only a computer running one of the Microsoft Windows 2000 Server products as a domain controller. If all computers on the network are running Windows XP Professional, the only type of network available is a workgroup.

A domain does not refer to a single location or specific type of network configuration. The computers in a domain can share physical proximity on a small LAN, or they can be located in different corners of the world. They can communicate over any number of physical connections, including dial-up lines, Integrated Services Digital Network (ISDN) lines, fiber lines, Ethernet lines, token ring connections, frame relay connections, satellite connections, and leased lines.

The benefits of a domain include the following:

  • Centralized administration, because all user information is stored centrally.
  • A single logon process for users to gain access to network resources (such as file, print, and application resources) for which they have permissions. In other words, you can log on to one computer and use resources on another computer in the network as long as you have appropriate permissions to access the resource.
  • Scalability, so that you can create very large networks.

A typical Windows 2000 domain includes the following types of computers:

  • Domain controllers running Windows 2000 Server. Each domain controller stores and maintains a copy of the directory. In a domain, you create a user account once, which Windows 2000 records in the directory. When a user logs on to a computer in the domain, a domain controller authenticates the user by checking the directory for the user name, password, and logon restrictions. When there are multiple domain controllers in a domain, they periodically replicate their directory information.
  • Member servers running Windows 2000 Server. A member server is a server that is not configured as a domain controller. A member server does not store directory information and cannot authenticate users. Member servers provide shared resources such as shared folders or printers.
  • Client computers running Windows XP Professional, Windows 2000 Professional, or one of the other Microsoft Windows client operating systems. Client computers run a user's desktop environment and allow the user to gain access to resources in the domain.

Lesson Review

The following questions will help you determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next lesson. The answers for these questions are in Appendix A, "Questions and Answers."

  1. Which of the following statements about a Windows XP Professional workgroup are correct? (Choose all that apply.)
    1. A workgroup is also called a peer-to-peer network.
    2. A workgroup is a logical grouping of network computers that share a central directory database.
    3. A workgroup becomes impractical in environments with more than 100 computers.
    4. A workgroup can contain computers running Microsoft Windows 2000 Server as long as the server is not configured as a domain controller.
  2. What is a domain controller?
  3. A directory database contains user accounts and security information for the domain and is known as the __________________. This directory database is the database portion of ______________________________, which is the Windows 2000 directory service.
  4. A ____________ provides a single logon for users to gain access to network resources that they have permissions to access, such as file, print, and application resources.

Lesson Summary

  • A Windows XP Professional workgroup is a logical grouping of networked computers that share resources such as files and printers.
  • A workgroup is referred to as a peer-to-peer network because all computers in the workgroup can share resources as equals (peers) without a dedicated server.
  • Each computer in the workgroup maintains a local security database, which is a list of user accounts and resource security information for the computer on which it resides.
  • A domain is a logical grouping of network computers that share a central directory database containing user accounts and security information for the domain.
  • This central directory database is known as the directory and is the database portion of Active Directory service, which is the Windows 2000 directory service.
  • The computers in a domain can share physical proximity on a small LAN or can be distributed worldwide, communicating over any number of physical connections.
  • A computer running Windows 2000 Server can be designated as a domain controller. If all computers on the network are running Windows XP Professional, the only type of network available is a workgroup.


MCSE Microsoft Windows XP Professional
70-270: MCSE Guide to Microsoft Windows XP Professional (MCSE/MCSA Guides)
ISBN: 0619120312
EAN: 2147483647
Year: 2002
Pages: 128

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net