Windows XP Cookbook by Robbie Allen, Preston Gralla

When dealing with Windows XP systems, there are three types of accounts you’ll work with most often. These include user, group, and computer accounts. You create user accounts to represent the employees, customers, or students in your environment. User accounts represent the virtual identity of the user in the system. It is important to understand how to properly configure and automate the management of user accounts so you cut down on many of the day-to-day tasks required to support them. We’ll include a lot of scripts in this chapter to show you how to do this.

As far as Active Directory is concerned, computers are very similar to users. In fact, computer accounts have all of the same attributes as user accounts. Computers need to be represented in Active Directory for many of the same reasons users do, including the need to access resources securely, to use Group Policy objects (GPOs), and to have permissions granted or restricted on them.

To participate in a domain, computers need a secure channel to a domain controller. A secure channel is an authenticated connection that can transmit encrypted data. To set up the secure channel, a computer has to present a password to a domain controller. The domain controller then verifies that password against the password stored in Active Directory with the computer’s account. Without the computer account, and subsequently the password stored within it, there would be no way for the ...