Re: local windows accounts

[craig bowser <reswob10 () gmail com>]

First, domain accounts can cache as well (although that is configurable) so
even domain accounts can be logged into when the machine is not attached to
the network.

Second, a few legacy apps (or badly written modern apps) require a local
account to be used.

Other than that, I agree with Joel, get them to annotate the actual
requirements, test in a lab and usually you can figure out a way to get them
what they want in a secure manner.


Craig L Bowser
____________________________

This email is measured by size.  Bits and bytes may have settled during
transport.



On Fri, May 20, 2011 at 1:44 PM, Joel Esler <joel.esler () me com> wrote:

> Ask them why.  Then report back.  Most likely they don't need what they are
> asking.
>
> On May 20, 2011, at 1:24 PM, Matthew Perry wrote:
>
> > I have a few users who insist that they need a local account on their
> domain laptops.  I am trying to explain to them that their password will
> cache and allow them to login while not on the network.  It also looks like
> local accounts bypass a lot of our group policy rules that we have put in
> place and I do not want to have to manage local policies as well.  Can
> anyone give me some more good reasons why it is bad to use a local account
> instead of a domain account.
> > Thanks!
> >
> > --
> > Matthew Perry
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com