Name

local user account

Synopsis

A user account that lets a user log on to a single computer and access resources only on that computer.

Description

Local user accounts are valid only on the computer on which they are defined. They are stored within the computer’s local security database. This is in contrast to domain user accounts, which are valid for any computer in the domain and which are stored within Active Directory for that domain. Local user accounts are created within the Users folder of the Local Users and Groups console (see Chapter 5).

Authentication of a local user account works as follows:

  • The user provides her credentials to log on the local machine.

  • The local machine compares the user’s credentials with those stored for the user in the local security database on that machine and determines whether to provide the user with access to the machine.

  • If the user is to be granted access to the machine, the local security database provides an access token that specifies the permissions and rights that the user will have on the machine.

Notes

  • Local user accounts can be created only on member servers and client computers; they cannot be created on domain controllers.

  • Use local user accounts only for users on standalone computers who have no need to access shared resources on the network. Otherwise, always use domain user accounts for users in Windows 2000 networks.

  • Local user accounts are not replicated to Active Directory.

See Also

built-in user account, domain user account, Local ...

Get Windows 2000 Administration in a Nutshell now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial