Domain workers. Difference Between Domain and Workgroup

Windows XP Professional supports two network environments in which users can share resources regardless of network size: workgroups and domains.

A workgroup in Windows XP Professional is a logical grouping of networked computers that share common resources such as files and printers. A workgroup is also called a peer-to-peer network, because all computers in it can use shared resources on equal terms, i.e. without a dedicated server.

Each computer in a workgroup maintains a local computer security policy database (local security database). This database is a list of user accounts and information about access rights to resources on the computer where it resides. Therefore, using the local computer's security policy database decentralizes the administration of user accounts and resource access policies in a workgroup.

Since workgroups decentralize administration and resource access policy, the following statements are true:

  • the user must have his own account on each computer he wants to access;

  • any change to user accounts, such as changing a password or creating a new account, must be made on every computer in the workgroup. If you forget to register a new account on one of the computers in your workgroup, the new user will not be able to access this computer and its resources.

The working group has the following advantages:

  • it does not require the inclusion of a domain controller in the network to store centralized information about security policies;

  • it is easy to design and operate. Unlike a domain, it does not require large-scale planning and administration;

  • it is a convenient network environment for a small number of computers located not too far from each other. However, the organization of a workgroup is impractical in networks containing more than 10 computers.

A domain is a logical grouping of computers on a network that share a central directory database. The directory database contains user accounts and security policy information for a domain. This database is called the directory and is part of the Active Directory database, the directory service of Windows 200x Server.

In a domain, the directory is located on computers called domain controllers. A domain controller is a server that coordinates all security settings between the user and the domain and centralizes the administration and management of security policies.

Only a computer running Microsoft Windows 200x Server can be a domain controller. If all computers on the network are running Windows XP Professional, the only type of network available will be a workgroup.

Each domain controller stores and maintains a copy of the directory. In a domain, you create a single user account that Windows 200x writes to a directory. When a user logs on to a domain computer, the domain controller authenticates the user by checking the directory for the user's account, password, and logon restrictions. If there are multiple domain controllers in a domain, then they periodically exchange data for their copies of the directory.

A domain has nothing to do with network location or a specific type of network configuration. Computers in a domain can be located side by side in a small local area network (LAN) or be located in different parts of the world. They can communicate with each other over any physical connection, including telephone lines, ISDN lines, fiber optic lines, Ethernet lines, token ring networks, frame relay connections, satellite communications, and leased lines.

The advantages of a domain are obvious:

  • centralized administration, because all information about users is stored in one place;

  • single user registration to gain access to all network resources (files, printers and programs) with the required access rights. In other words, you can log on to one computer on the network and use the resources of another computer, provided that you have the appropriate access permissions;

  • scalability, which allows you to create very large networks.

What is the difference between a domain and a workgroup?

The real answer to this question is:

Domains, workgroups, and homegroups represent different methods for organizing computers on a network. The main difference between the two is how the computers and other resources on the networks are managed.

Computers running Windows on a network must be part of a workgroup or domain. Windows-based computers on home networks can also be part of a homegroup, but they don't have to be.

Computers on a home network are usually part of a workgroup and possibly a homegroup, while computers on work networks are usually part of a domain.

In a workgroup:

  • All computers are network peers; no computer can control another computer.

  • Each computer has a set of user accounts. To log on to any computer in a workgroup, you must have an account on that computer.

  • There are usually no more than twenty computers.

  • The workgroup is not password protected.

  • All computers must be on the same local network or subnet.

In a domain:

  • One or more computers are servers. Network administrators use servers to manage security and permissions for all computers in the domain. This makes it easier to make changes because the changes are automatically made on all computers. Domain users must provide a password or other credentials each time they access the domain.

  • If you have a user account in the domain, you can log on to any computer in the domain without an account on that computer.

  • You can probably only make limited changes to your computer's settings because network administrators often want to ensure consistency among computers.

  • There can be thousands of computers in a domain.

  • Computers can be in different local networks.

If your computer is on a large network at work or school, it probably belongs to a domain. If your computer is on a home network, it belongs to a workgroup and may also belong to a homegroup. When you set up a network, Windows automatically creates a workgroup and names it WORKGROUP.

A - threads in user space

B - threads in kernel space

In case A, the kernel knows nothing about threads. Each process needs a thread table, similar to the process table.

Advantages of Case A:

Such multithreading can be implemented on a kernel that does not support multithreading.

Faster switching, creation and termination of threads

A process can have its own scheduling algorithm.

Disadvantages of Case A:

No timer interrupt within the same process

When a thread makes a blocking system call (the process is put into a wait state, for example when reading from the keyboard while no data has arrived), all other threads in the process are blocked.

Complexity of implementation

Multiplexing User Threads in Kernel Threads

2.2.5 Windows Implementation Features

Four concepts are used:

  • Job - a set of processes with common quotas and limits

  • Fiber - a lightweight thread managed entirely in user space

Threads run in user mode, but on system calls they switch to kernel mode. Switching to kernel mode and back slows the system down considerably, which is why the concept of a fiber was introduced. Each thread can have multiple fibers.

Lecture 2. Operating systems for workstations and servers. Workgroups and domains. Active Directory. Primary servers and services in the enterprise network.

Working groups and domains.

Domain is a logical grouping of computers on a network that share a central directory database. The directory database contains user accounts and security policy information for the domain. This database is called a directory and is part of the Active Directory database, the Windows directory service.

In a domain, the directory is located on computers - domain controllers. A domain controller is a server that coordinates all security settings between user and domain and centralizes the administration and management of security policies.

Only a computer running one of the Microsoft Windows Server 2000/2003/2008 platforms can be designated as a domain controller. If all computers on the network are running Windows XP/Vista/7/8, then the only available network type will be a workgroup. From here on in these lecture notes, for brevity, we will call all server versions Windows Server, and the Windows XP/Vista/7/8 workstation operating systems Windows for Workstations.

A domain has nothing to do with a network location or a particular type of network configuration. Computers in a domain can be located side by side on a small local area network (LAN) or located in different parts of the world. They can communicate with each other over any physical connection, including phone lines, ISDN lines, fiber optic lines, Ethernet lines, token ring networks, frame relay connections, satellite communications and dedicated lines.

The advantages of a domain are obvious:

    Centralized administration, because all user information is stored in one place;

    One-time user registration to gain access to all network resources (files, printers and programs) with the required access rights. In other words, you can log on to one computer on the network and use the resources of another computer, provided that you have the appropriate access permissions;

    Scalability, which allows you to create very large networks.

The types of computers that a typical Windows domain includes are listed below.

    Domain controllers on the Windows Server platform. Each domain controller stores and maintains a copy of the directory. In a domain, you create a single user account that Windows writes to a directory. When a user logs on to a domain computer, the domain controller authenticates the user by checking the directory for the user's account, password, and logon restrictions. There can be multiple domain controllers in a domain, and they periodically exchange their copy of the directory data.

    Member servers, that is, servers without domain controller status in a specific domain. A member server does not maintain a directory and is unable to authenticate users. Member servers share network resources, such as shared folders or printers.

    Client computers running Windows XP/Vista/7/8 or any other Microsoft operating system not used as a server. Client computers are the users' desktop systems, which give users access to domain resources.

A Windows workgroup is a logical grouping of networked computers that share common resources such as files and printers.

A workgroup is also called a peer-to-peer network because all computers in it can use shared resources on equal terms, i.e. without a dedicated server.

Each computer in a workgroup maintains only its own local security database. This database is a list of user accounts and information about access rights to resources on the computer where it resides. Therefore, using the local computer's security policy database decentralizes the administration of user accounts and resource access policies in a workgroup.

Note: A workgroup, along with computers running a client OS, may include computers running a Microsoft server platform such as Windows Server, provided, of course, that they are not configured as domain controllers. In a workgroup, a Windows Server computer is referred to as a stand-alone server.

Since workgroups decentralize administration and resource access policy, the following statements are true: a user must have his own account on every computer he wants to access; any change to a user's accounts, such as changing their password or creating a new account, must be done on each computer in the workgroup.

If you forget to register a new account on one of your workgroup computers, the new user will not be able to access that computer and its resources.

The working group has the following advantages:

    It does not require a domain controller to be included in the network to store centralized information about security policies;

    It is easy to design and operate. Unlike a domain, it does not require large-scale planning and administration;

    This is a convenient network environment for a small number of computers located not too far apart.

Lecture 3. Creating and managing user and computer accounts (in a domain)

A user account is a record that contains the information necessary to identify the user when connecting to the system, as well as information for authorization and accounting. (difference between identification and authorization?)

This is the username and password (or other similar means of authentication, for example biometric characteristics). The password or its equivalent is usually stored in encrypted or hashed form (for security purposes).

To increase security, along with the password, alternative means of authentication can be provided, for example a special secret question (or several questions) whose answer only the user can know. Such questions and answers are also stored in the account.

The account may contain the following additional personal data about the user:

  • patronymic;
  • alias (nickname);
  • nationality;
  • race;
  • religion;
  • blood group;
  • Rh factor;
  • date of birth;
  • e-mail address;
  • home address;
  • work address;
  • netmail address;
  • home phone number;
  • work phone number;
  • cell phone number;
  • ICQ number;
  • Skype ID, IRC nickname;
  • other contact details for instant messaging systems;
  • address of a home page and/or blog on the Internet or an intranet;
  • information about hobbies;
  • information about the range of interests;
  • family information;
  • information about past illnesses;
  • information about political preferences;
  • and much more.

An account may also contain one or more photos or an avatar of the user. The user account can also take into account various statistical characteristics of the user's behavior in the system: the duration of the last login to the system, the duration of the last stay in the system, the address of the computer used when connecting, the intensity of system use, the total and (or) specific number of certain operations performed in the system, and so on.

We have repeatedly mentioned working groups and domains. Let's take a look at how these two models of networking in Microsoft networks are fundamentally different.

A workgroup is a logical grouping of computers united by a common name to facilitate navigation within a network. It is crucial that each computer in the workgroup is equal (i.e., the network is peer-to-peer) and maintains its own local database of user accounts (Security Accounts Manager, SAM).

This leads to the main problem that prevents the use of workgroups in large corporate networks. Recall that logging on to a secure system is mandatory, and that direct and network logons are fundamentally different (a direct logon is controlled by the local computer, a network logon by the remote one). Then, for example, a user logged on to the Comp1 computer under the local account User1 will be denied access to the printer installed on the Comp2 computer, since there is no user named User1 in Comp2's local database (Fig. 9.1). Thus, to ensure "transparent" interaction in a workgroup, it is necessary to create the same accounts with the same passwords on all computers where users work and resources are located.

Windows XP Professional in a workgroup has a special mode called "Use Simple File Sharing" that works around this problem (the mode is enabled by default). In this mode, a connection to any network computer is made on behalf of that computer's local Guest account, which is enabled using the Network Setup Wizard (it is disabled by default) and for which the desired access level is configured.

For Windows XP Home Edition, this method of network communication is the main one and cannot be disabled (therefore, computers with this OS cannot be made domain members).

It is clear that you can manage accounts and resources in a workgroup only with a small number of computers and users. Large networks should use domains.

A domain is a logical grouping of computers united by a common database of users and computers and by a common security and management policy.

Domains are built on Windows network operating systems, and the database, as we said, is maintained by domain controllers. What matters in a domain is that the computers do not check users at logon themselves but delegate this procedure to the controllers (Fig. 9.2). This organization of access makes it easy to check a user once, when he logs on to the network, and then, without further checks, grant him access to the resources of all computers in the domain.
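The logon behaviour described above (a separate SAM on every workgroup computer, the Guest-only mode of Simple File Sharing, and delegation to a domain controller) can be modelled in a short Python sketch. This is an added illustration, not code from the lecture notes. The class names, the PBKDF2 storage, the sample passwords and the per-access credential check (instead of logon tokens) are assumptions of the model.

```python
import hashlib
import hmac
import os

def _digest(password, salt):
    # Assumed storage scheme for this model only; not Windows' own format.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class AccountDB:
    """A local SAM on one computer, or the directory held by domain controllers."""
    def __init__(self):
        self._accounts = {}  # username -> (salt, password digest)

    def set_account(self, user, password):
        salt = os.urandom(16)
        self._accounts[user] = (salt, _digest(password, salt))

    def verify(self, user, password):
        salt, stored = self._accounts.get(user, (b"", b""))  # unknown user never matches
        return hmac.compare_digest(stored, _digest(password, salt))

class Computer:
    def __init__(self, directory=None, force_guest=False):
        self.sam = AccountDB()          # every computer has its own local database
        self.directory = directory      # set only for domain members
        self.force_guest = force_guest  # models "Use Simple File Sharing"
        self.guest_enabled = False      # Guest is disabled by default
        self.acl = {}                   # resource -> accounts allowed to use it

    def network_logon(self, user, password):
        """Return the account a remote caller is treated as, or None if refused."""
        if self.directory is not None:  # domain member: the controller decides
            return user if self.directory.verify(user, password) else None
        if self.force_guest:            # the caller's own name and password are ignored
            return "Guest" if self.guest_enabled else None
        return user if self.sam.verify(user, password) else None

    def access(self, resource, user, password):
        account = self.network_logon(user, password)
        return account is not None and account in self.acl.get(resource, set())

def workgroup_scenario():
    comp1, comp2 = Computer(), Computer()
    comp1.sam.set_account("User1", "pw-A")
    comp2.acl["printer"] = {"User1"}
    missing = comp2.access("printer", "User1", "pw-A")   # no User1 in Comp2's SAM
    comp2.sam.set_account("User1", "pw-A")               # mirror the account by hand
    mirrored = comp2.access("printer", "User1", "pw-A")
    comp1.sam.set_account("User1", "pw-B")               # password changed on Comp1 only
    drifted = comp2.access("printer", "User1", "pw-B")
    return missing, mirrored, drifted

def simple_sharing_scenario():
    comp2 = Computer(force_guest=True)
    comp2.acl["printer"] = {"Guest"}
    before = comp2.access("printer", "User1", "pw-A")
    comp2.guest_enabled = True                           # done by the Network Setup Wizard
    after = comp2.access("printer", "SomeoneElse", "")   # any caller is now Guest
    return before, after

def domain_scenario():
    directory = AccountDB()
    directory.set_account("User1", "pw-A")
    comp2 = Computer(directory=directory)
    comp2.acl["printer"] = {"User1"}
    first = comp2.access("printer", "User1", "pw-A")
    directory.set_account("User1", "pw-B")               # one change covers every member
    return first, comp2.access("printer", "User1", "pw-B"), comp2.access("printer", "User1", "pw-A")
```

In the Guest-only case the resource owner can no longer tell remote users apart, so permissions and any audit trail apply to Guest as a whole rather than to individual accounts.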

Domains and working groups can be present in the structure of computer networks. What are they?

What is a domain?

A domain is usually understood as a fairly large group of computers joined in one LAN or across several connected LANs, with access to a wide range of different resources and network interfaces (which make it possible to exchange files, streams and arrays and to share access to them).

The main features of domains are as follows:

  1. the structure of domains provides for dedicated servers that perform the main computing functions and are designed to manage network resources;
  2. management of access settings for computers in certain parts of the network included in the domain can be carried out centrally - with the help of servers;
  3. a user with a login that is bound to a domain (or access rights) can connect to the network from any PC that interacts with the corresponding domain.

A domain can contain a huge number of computers; thousands of them is a common thing. Individual groups of these computers may belong to different LANs, and the domain will still be functional.

Servers in a domain tend to be significantly more powerful than the average domain-joined PC. They can run whichever operating system is optimal for the specific tasks set by the domain owner, and it can differ significantly from the one installed on non-server PCs.

With VPN and similar standards, users can connect to locally formed domains from virtually any other network that physically has access to the relevant resources. This is how the Internet works: a large number of PCs located in different countries of the world can, by connecting to a specific domain, receive various resources from it.

What is a working group?

A workgroup is usually understood as a relatively small computer network, created mainly to give the PCs included in it shared access to various files (however, it remains in principle possible to exchange the corresponding files).

Working groups are characterized by the following features:

  • all PCs included in the workgroup are most often united in a peer-to-peer network (there are no dedicated servers in it, and, as a rule, there is also no way to manage key resources of other computers or the network as a whole using one PC);
  • access to the corresponding network is usually possible only if the PC operating system is loaded from a specific login (user account) for which this access is open and configured.

The size of a working group usually does not exceed a few dozen PCs. It is important that all of them be combined within a common LAN or subnet - so that the corresponding infrastructure is sufficiently stable.

Comparison

The main difference between a domain and a workgroup is how resource management is implemented in the network infrastructure of each type. For home networks, where particularly intensive data exchange is not expected, the use of workgroups is typical. In corporate networks (for which such tasks are typical), domains are used as a rule. The interaction of computers in large-scale networks, such as the Internet, is almost always carried out using domains.

A workgroup is usually much easier to form than a domain. The interfaces of modern operating systems allow even an inexperienced user to solve this problem. All you need to do is connect the PCs physically using a cable or switch (or wirelessly, via Wi-Fi) and configure the network infrastructure using the built-in software tools of the operating system.

Creating a domain is usually a more complicated procedure. It assumes, first of all, the availability of servers with sufficient performance, their detailed configuration, and possibly the installation of a suitable network operating system. It will also be necessary to implement in the infrastructure of the domain the function of authenticating the rights of those users who connect to the network.

The security of computers included in the workgroup, as a rule, is implemented by installing anti-virus software and other auxiliary programs on each of them. In the case of a domain, PC security can also be implemented by installing intranet interfaces that allow monitoring various threats and preventing their spread over the network.

Domains are usually much easier to scale, allowing more and more new users to connect to them (including those outside the local network where the main domain server is located, for example via the Internet). All that is needed is to provide new users with the information necessary for authorization in the domain, or to configure its servers so that they recognize and connect certain user groups automatically.

In turn, adding a new user to a workgroup is usually a more time-consuming procedure. It may be necessary to configure each of the connecting computers separately, determine the access rights for the respective PCs, and verify the effectiveness of the anti-virus and other auxiliary software that is installed on them.

Having determined the difference between a domain and a workgroup, let's record the findings in a small table.

Table

What do they have in common?

Domains and workgroups are designed to provide communication between different PCs for the purpose of exchanging data, as well as sharing access to them.

What is the difference between them?

| Domain | Working group |
| --- | --- |
| Is a large-scale computer network (or a group of interacting LANs) managed centrally using servers | Is usually a relatively small number of PCs connected in a peer-to-peer LAN without servers |
| Allows for less labor-intensive, faster infrastructure scaling (which makes it possible to form networks on a global scale) | Assumes slower scaling, because connecting each new PC to the network, as a rule, requires detailed configuration |
| Allows you to implement intranet solutions aimed at improving the security of data exchange between PCs within a domain | Involves installing on each PC of the working group the programs necessary to ensure secure data exchange |
| A user with the required credentials or access can log into the domain from any PC | The user can connect to the workgroup, as a rule, only from a specific PC under a specific account |