search

Each computer in a workgroup takes care of its own user account and security setting.

1 Jahrs vor
Kommentare: 0
Ansichten: 180

In computer networking, a workgroup is a collection of computers on a local area network (LAN) that share common resources and responsibilities. The term is most commonly associated with Microsoft Windows workgroups but also applies to other environments. Windows workgroups can be found in homes, schools, and small businesses. However, while all three are similar, they don't function in the exact same way as domains and HomeGroups.

Show

Workgroups in Microsoft Windows

Microsoft Windows workgroups organize PCs as peer-to-peer local networks that facilitate easier sharing of files, internet access, printers, and other local network resources.

Each computer that's a member of the group can access the same resources being shared by the others, and in turn, can share its own resources if configured to do so.

Joining a workgroup requires all participants to use a matching name. All Windows 10 computers are automatically assigned to a default group named WORKGROUP (or MSHOME in Windows XP). 

Admin users can change the workgroup name from the Control Panel. Use the Systemapplet to find the Change button in the Computer Name tab. Workgroup names are managed separately from computer names.

To access shared resources on other PCs within its group, use the name of the workgroup that computer belongs to plus the username and password of an account on the remote computer.

Windows workgroups can contain many computers but work best with 15 computers or less. As the number of computers increases, a workgroup LAN becomes difficult to administer and should be re-organized into multiple networks or set up as a client-server network.

Windows Workgroups vs HomeGroups and Domains

Windows domains support client-server local networks. A specially configured computer called the Domain Controller running a Windows Server operating system serves as a central server for all clients.

Windows Domains

Windows domains can handle more computers than workgroups due to the ability to maintain centralized resource sharing and access control. A client PC can belong either to a workgroup or to a Windows domain, but not both. Assigning a computer to the domain automatically removes it from the workgroup.

Corporate domains may include switches that network devices are plugged into in order to connect to the larger company domain.

 Jordan Harrison / Upsplash

Microsoft HomeGroup

Microsoft introduced the HomeGroup concept in Windows 7. HomeGroups are designed to simplify the management of workgroups for administrators, particularly homeowners. Instead of requiring an administrator to manually set up shared user accounts on every PC, HomeGroup security settings can be managed through one shared login.

Additionally, HomeGroup communication is encrypted and makes it simple to share single files with other HomeGroup users.

Joining a HomeGroup does not remove a PC from its Windows workgroup; the two sharing methods co-exist. Computers running versions of Windows older than Windows 7, however, cannot be members of HomeGroups.

To find HomeGroup settings, go to Control Panel > Network and Internet > HomeGroup. Join Windows to a domain through the same process used to join a workgroup; choose the Domain option instead.

Other Computer Workgroup Technologies

The open-source software package Samba (which uses SMB technologies) allows Apple macOS, Linux, and other Unix-based systems to join existing Windows workgroups.

Apple originally developed AppleTalk to support workgroups on Macintosh computers but phased out this technology in the late 2000s in favor of newer standards like SMB.

Thanks for letting us know!

Get the Latest Tech News Delivered Every Day

Subscribe

Skip to main content

This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Network access: Sharing and security model for local accounts

  • Article
  • 10/25/2022
  • 3 minutes to read

In this article

Applies to

  • Windows 10

Describes the best practices, location, values, policy management and security considerations for the Network access: Sharing and security model for local accounts security policy setting.

Reference

This policy setting determines how network logons that use local accounts are authenticated. If you configure this policy setting to Classic, network logons that use local account credentials authenticate with those credentials. If you configure this policy setting to Guest only, network logons that use local accounts are automatically mapped to the Guest account. The Classic model provides precise control over access to resources, and it enables you to grant different types of access to different users for the same resource. Conversely, the Guest only model treats all users equally, and they all receive the same level of access to a given resource, which can be either Read Only or Modify.

Note:  This policy setting does not affect network logons that use domain accounts. Nor does this policy setting affect interactive logons that are performed remotely through services such as Telnet or Remote Desktop Services. When the device is not joined to a domain, this policy setting also tailors the Sharing and Security tabs in Windows Explorer to correspond to the sharing and security model that is being used.

When the value of this policy setting is Guest only - local users authenticate as Guest, any user who can access your device over the network does so with Guest user rights. This privilege means that they'll probably be unable to write to shared folders. Although this restriction does increase security, it makes it impossible for authorized users to access shared resources on those systems. When the value is Classic - local users authenticate as themselves, local accounts must be password-protected; otherwise, anyone can use those user accounts to access shared system resources.

Possible values

  • Classic - Local users authenticate as themselves
  • Guest only - Local users authenticate as Guest
  • Not defined

Best practices

  1. For network servers, set this policy to Classic - local users authenticate as themselves.
  2. On end-user systems, set this policy to Guest only - local users authenticate as Guest.

Location

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Default values

The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page.

Server type or GPODefault value
Default Domain Policy Not defined
Default Domain Controller Policy Not defined
Stand-Alone Server Default Settings Classic (local users authenticate as themselves)
DC Effective Default Settings Classic (local users authenticate as themselves)
Member Server Effective Default Settings Classic (local users authenticate as themselves)
Client Computer Effective Default Settings Classic (local users authenticate as themselves)

Policy management

This section describes features and tools that are available to help you manage this policy.

Restart requirement

None. Changes to this policy become effective without a device restart when they're saved locally or distributed through Group Policy.

Group Policy

This policy setting can be configured by using the Group Policy Management Console (GPMC) to be distributed through Group Policy Objects (GPOs). If this policy isn't contained in a distributed GPO, this policy can be configured on the local computer by using the Local Security Policy snap-in.

Security considerations

This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.

Vulnerability

With the Guest only model, any user who can authenticate to your device over the network does so with Guest privileges, which probably means that they don't have Write access to shared resources on that device. Although this restriction does increase security, it makes it more difficult for authorized users to access shared resources on those computers because ACLs on those resources must include access control entries (ACEs) for the Guest account. With the Classic model, local accounts should be password protected. Otherwise, if Guest access is enabled, anyone can use those user accounts to access shared system resources.

Countermeasure

For network servers, configure the Network access: Sharing and security model for local accounts setting to Classic – local users authenticate as themselves. On end-user computers, configure this policy setting to Guest only – local users authenticate as guest.

Potential impact

None. This non-impact state is the default configuration.

  • Security Options

Feedback

Submit and view feedback for

Does each Computer in a workgroup take care of its own user account and security settings?

Each computer in a workgroup takes care of it's own user account and security setting. What is the minimum number of domain controllers must a domain have? If you need to update the device drivers manually, which of the following are you likely to use?

What can be considered peripheral devices?

Examples of peripheral devices include terminals, printers, external floppy disk drives and other data storage devices, video monitors, keyboards, interface boards, external memory expansion cards, and other input/output devices that may or may not contain digital circuitry.

Which of the following must be checked in the system before installing and application?

Before installing an application, the compatibility of the application with the operating system needs to be ensured.

computer workgroup takes care user account security setting

zusammenhängende Posts

Mein computer erkennt mein handy nicht mehr
Mein computer erkennt mein handy nicht mehr

What is used to store the essential parts of the operating system while the computer is running?
What is used to store the essential parts of the operating system while the computer is running?

_____ stores the essential parts of the operating system while the computer is running.
_____ stores the essential parts of the operating system while the computer is running.

What is the process of updating computer files that are in two or more locations according to specific rules is?
What is the process of updating computer files that are in two or more locations according to specific rules is?

Is a term that refers to an attack whereby all the files and folders on a computer system are encrypted and held until the computer owner pays money for their release?
Is a term that refers to an attack whereby all the files and folders on a computer system are encrypted and held until the computer owner pays money for their release?

What is the smallest unit of data the computer can process group of answer choices?
What is the smallest unit of data the computer can process group of answer choices?

Which of the following computer programs can be used to help researchers in qualitative data management?
Which of the following computer programs can be used to help researchers in qualitative data management?

What is a collection of data that is stored in a computer system spreadsheet database file folder?
What is a collection of data that is stored in a computer system spreadsheet database file folder?

What user accounts are automatically created when a user installs Windows to a new computer?
What user accounts are automatically created when a user installs Windows to a new computer?

Warum setzt mein Computer immer aus?
Warum setzt mein Computer immer aus?

Werbung

NEUESTEN NACHRICHTEN

Wie lange gilt man mit johnson als vollständig geimpft
1 Jahrs vor . durch CurlyDelicacy
Wie kann man Batterie in Prozent anzeigen iPhone 13?
1 Jahrs vor . durch StrickenMotto
Which of the following is considered effective for both upward and downward influence?
1 Jahrs vor . durch PreparedContentment
Which of the following statements is true regarding impression management IM techniques?
1 Jahrs vor . durch TiresomeMelodrama
Auf der grünen Wiese liegt der Theodor
1 Jahrs vor . durch GuidingCrossroads
In which of the following ways can effective communicators protect goodwill?
1 Jahrs vor . durch ExtremistConfiscation
Was ist der unterschied zwichen feil und richard
1 Jahrs vor . durch CloudlessAnnuity
In welchem Alter sterben die meisten Männer in Deutschland
1 Jahrs vor . durch HappyThreshold
Wo liegt der unterschied zwischen job und beruf
1 Jahrs vor . durch PositiveCabal
By definition the speaker and the audience cannot be part of the same public
1 Jahrs vor . durch ApocalypticCrocodile

Werbung

Populer

Werbung

Um

Legal

Hilfe

Sozial

homeendefrkoptzhitthjphi
Urheberrechte © © 2024 berikutyang Inc.