I did some searching on this already but still don't understand it. Can someone explain their differences as simply as possible? It seems like they do pretty much the same thing...
2 Answers
Kerberos specifies that authentication come from a known machine with a timestamp that matches the authentication server (domain controller). The computer password is how AD ensures that the machine is known. It's not available to the user.
This answer might help.
To put it another way, computer accounts are able to authenticate users via AD. This technique enables apps like EasySSO for Atlassian to authenticate users by mimicking a PC – Geoff Williams Jan 16 '20 at 22:58
One is for the user, the other for the computer that is joined to the domain.
Computers also need accounts for certain operations - among other things being allowed to even interact with active directory, or loading their group policies (which are not tied to a user in their storage). So, when you join a computer to a domain, it is getting its own account to do so (and automatically manages its password).
Try finding a book on Active Directory to give you a good introduction to the basics.
I'm simply learning concepts bit by bit and the documentation doesn't explain the differences that well either. I'm not sure why there's a need for Computer accounts if you could simply apply group policies to User accounts or User groups. Also, there are CERTAINLY replacements for reading documentation or books. If there was an actual lecture or training course, I'd take it. But like I said, I'm learning this just for fun. – shadowz1337 Apr 06 '14 at 05:30
@shadowz1337 Well, you did come to a place where beginner questions are not welcome as per FAQ (you did read that, or?) So, go and learn reading please. There are courses for wannabe admins - try finding them. And no, many settings in a group policy are not for a user but for the computer. And how does the computer know it should accept the user logging in? – TomTom Apr 06 '14 at 06:24
**the documentation doesn't explain the differences that well** ...then you need to read better-written documentation. Computers authenticate to AD on startup. This allows for better security for user accounts and the domain itself by verifying that the machine that claims to be "workstation_No7" really is "workstation_No7" and not an imposter. In addition, because the computer itself is authenticated to the domain in its own right, further actions can be taken to install software on the computer, lock down settings, etc. – Rob Moir Apr 06 '14 at 14:39
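How the directory itself tells the two account types apart, as an added example that is not part of the original thread: it classifies constructed sample records by their `userAccountControl` flags and lists enabled computer accounts whose self-managed password has not changed recently. The sample entries, the 90-day threshold and the function names are assumptions made for the illustration; the flag values and the `pwdLastSet` time format are the documented Active Directory ones.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bits as documented for Active Directory
ACCOUNTDISABLE = 0x0002
NORMAL_ACCOUNT = 0x0200             # ordinary user account
WORKSTATION_TRUST_ACCOUNT = 0x1000  # domain-joined workstation or member server
SERVER_TRUST_ACCOUNT = 0x2000       # domain controller
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(ft):
    """pwdLastSet is stored as 100-nanosecond ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def datetime_to_filetime(dt):
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def classify(entry):
    """Return the account type encoded in the entry's userAccountControl."""
    uac = entry["userAccountControl"]
    if uac & SERVER_TRUST_ACCOUNT:
        return "domain controller"
    if uac & WORKSTATION_TRUST_ACCOUNT:
        return "computer"
    return "user" if uac & NORMAL_ACCOUNT else "other"

def stale_computers(entries, now, max_age_days=90):
    """Enabled machine accounts whose password is older than max_age_days (assumed)."""
    cutoff = now - timedelta(days=max_age_days)
    return [e["sAMAccountName"] for e in entries
            if classify(e) in ("computer", "domain controller")
            and not e["userAccountControl"] & ACCOUNTDISABLE
            and filetime_to_datetime(e["pwdLastSet"]) < cutoff]

# Constructed sample records, shaped like an LDAP export (not real data)
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
def _ft(days_ago):
    return datetime_to_filetime(NOW - timedelta(days=days_ago))

SAMPLE = [
    {"sAMAccountName": "alice", "userAccountControl": 0x0200, "pwdLastSet": _ft(200)},
    {"sAMAccountName": "WORKSTATION_NO7$", "userAccountControl": 0x1000, "pwdLastSet": _ft(12)},
    {"sAMAccountName": "OLDLAPTOP$", "userAccountControl": 0x1000, "pwdLastSet": _ft(400)},
    {"sAMAccountName": "RETIRED-PC$", "userAccountControl": 0x1002, "pwdLastSet": _ft(900)},
    {"sAMAccountName": "DC01$", "userAccountControl": 0x82000, "pwdLastSet": _ft(5)},
]

if __name__ == "__main__":
    print({e["sAMAccountName"]: classify(e) for e in SAMPLE})
    print("stale:", stale_computers(SAMPLE, NOW))
```

A joined machine changes its own password about every 30 days by default, so an enabled computer account with a much older `pwdLastSet` usually belongs to a machine that no longer contacts the domain and is a candidate for review.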