I've recently eradicated Active Directory from my network. However, I'm having trouble verifying there is no issue with sharing files using a local account instead of a domain account.
I have exactly one server I was unable to convert to using OneDrive/Sharepoint. This server has one folder that I will need to allow sharing to a limited number of people. I plan to do the following:
- Create static ips for users that will need access to the share
- Create Windows Firewall rules on the server to only allow those users' ips
- Create local user accounts on the server
- Share the folder with the local user accounts
- Setup mapped drives using the accounts
Are there any scenarios where using a local account instead of a domain account is more vulnerable? For example, I recall that with a Domain Controller, you can enable signing of security tokens using group policy. If the local machine is already configured to enable signing, will that still work?
Are there any other things I should look out for with using a local account other than the non-technical things like the hassle of maintaining the local users? I am primarily looking for any technical vulnerabilities that become present once Active Directory is no longer used for authenticating access to the share.
