I'm working to learn administrative account functions. My question specifically is about the difference between domain and local administrator accounts. When logging into a server or workstation remotely for the 1st time, do you need to log in as the domain administrator first or can you log in remotely as the local administrator account 1st? Also, what are some events in which one would want to use a local admin account vs a domain admin account? I've been reading up on the differences between the two and from what I can tell, it seems that you would want to use a local account for functions specific to a workstation and a domain account for functions specific to the domain. Any help would be appreciated.
Regards, Josh
The Domain Administrators group is, by default, a member of the local Administrators group of all the member servers and computers and as such, from a local administrator's point of view, the rights assigned are the same.
The difference comes in when working on Active Directory. Domain Administrators have elevated rights to administer and make changes to it.
It is highly recommended not to give Domain Administrators rights to anyone, except those directly responsible for AD administrative tasks.
If, for example, somebody requests Administrative rights to all devices, never give them Domain Administrative rights. Rather, add a new AD group to all devices' local Administrators groups via Restricted Groups or GPO Preferences.
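One way to check that the delegation described in the answer above took effect, as an added example that is not part of the original thread: the function compares a machine's local Administrators membership against an expected list and reports drift. The domain `CONTOSO`, the group `Workstation-Admins`, the host `WS01` and the sample members are constructed for illustration.

```powershell
# Added example. All names (CONTOSO, Workstation-Admins, WS01, jsmith) are hypothetical.
function Test-LocalAdminMembership {
    param(
        [Parameter(Mandatory)] [string]   $ComputerName,
        [Parameter(Mandatory)] [object[]] $Members,   # objects exposing Name and ObjectClass
        [Parameter(Mandatory)] [string[]] $Expected   # principals allowed in local Administrators
    )

    # Flag every current member that is not on the expected list.
    foreach ($m in $Members) {
        $status = 'Unexpected'
        if ($Expected -contains $m.Name) { $status = 'Expected' }   # -contains is case-insensitive
        [pscustomobject]@{
            Computer    = $ComputerName
            Member      = $m.Name
            ObjectClass = $m.ObjectClass
            Status      = $status
        }
    }

    # Flag expected principals that are absent (for example, the GPO has not applied yet).
    foreach ($e in $Expected) {
        if ($Members.Name -notcontains $e) {
            [pscustomobject]@{
                Computer    = $ComputerName
                Member      = $e
                ObjectClass = ''
                Status      = 'Missing'
            }
        }
    }
}

# Expected state: built-in local Administrator, Domain Admins (default), and the delegated AD group.
$expected = 'WS01\Administrator', 'CONTOSO\Domain Admins', 'CONTOSO\Workstation-Admins'

# Constructed sample shaped like the output of Get-LocalGroupMember.
$sample = @(
    [pscustomobject]@{ Name = 'WS01\Administrator';    ObjectClass = 'User'  }
    [pscustomobject]@{ Name = 'CONTOSO\Domain Admins'; ObjectClass = 'Group' }
    [pscustomobject]@{ Name = 'CONTOSO\jsmith';        ObjectClass = 'User'  }
)

Test-LocalAdminMembership -ComputerName 'WS01' -Members $sample -Expected $expected |
    Format-Table -AutoSize

# On a live machine, replace $sample with: Get-LocalGroupMember -Group 'Administrators'
```

With the sample data, `CONTOSO\jsmith` is reported as Unexpected (a directly added user account) and `CONTOSO\Workstation-Admins` as Missing (the delegated group has not reached this machine).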