1
I'm working at a place where all the computers are connected to a domain. Now, out of curiously, I used a LiveUSB and enabled 2 administrator accounts. The administrator accounts are local. However when I installed software, and then logged into the domain level user account, I was able to run the software I installed on the local admin account.
Why is this? Why is software I installed on a local account, made available on a domain level account, as if the domain level account was a normal local account.
2In general, software installs install for all users. So if you do the install as a local admin, anyone that logs onto the machine will be able to see the software. Having said that, as a domain admin, if you did that at my work, your manager would be having a talk with you after getting their butt chewed by the CIO. Domain user accounts have restrictions for a reason. – EBGreen – 2015-05-19T15:41:49.270
2This was possible because an incorrect configured domain policy. Why exactly do you feel this was strange though? You logged into an account and installed an application, with the proper permissions allowing it to be configred, for any local user to run. Although you log into a domain, there is still a local user account, that is used when you do so. Which is the the reason you can still access your desktop even if the domain controller is not up. – Ramhound – 2015-05-19T15:42:34.813
I just see it as strange because the way I thought of it was wrong. It's still a local account connecting to the domain correct? Even if the domain is not up, because it's local, I can still access it, right? – None – 2015-05-19T15:50:33.627
If you used a live CD then it is not a local account connecting to the domain. the account has to exist in AD and be logged into the domain to be connected to the domain. – EBGreen – 2015-05-19T15:51:43.467
@EBGreen - Just for my understanding, how can you tell that the admin accounts are not local accounts? When I used the LiveUSB, the 2 admin accounts appeared when I was looking at the SAM file, but the domain level account didn't appear, and from the LiveUSB it doesn't appear that I could have switched the password. I was only able to switch/remove the password from the 2 admin accounts. – None – 2015-05-19T15:58:17.163
The liveUSB accounts are local accounts. They are not connecting to the domain. – EBGreen – 2015-05-19T16:51:22.327