-
Notifications
You must be signed in to change notification settings - Fork 0
Ops 301 Class 02
Domains are large networks that are typically deployed in a corporate, government, or academic environment, they enable network administrators with the capability of being able to standardize and manage a large number of machines from one centralized location. The location is a server known as a domain controller. Like the name implies, domain controllers have control over the domain and all of the computers that are contained within it. Domains usually found presiding over the computers of a local network. However, domains can also be joined remotely, via VPN or internet connection, which enables an organization to remotely manage machines that they provide to their members.
A computer joined to a domain essentially relies on the domain controller to authenticate user credentials, rather than storing that information locally on the machine itself. This means that a user can theoretically log in successfully to any machine found on a domain's network.
Network administrators employ group policy to facilitate standardization and customization of the machines found on a domain, employing the domain controller to set these parameters and push them out to the rest of the machines found on the domain. These group policy settings will override any local settings that have been created by a user. In other words, a computer that is joined to a domain is controlled and configured by the organization who owns the domain instead of the user of the computer.
Unless your computer is owned by an organization that you're apart of, it's highly unlikely that it's joined to any sort of domain without your knowledge. If you want to check whether or not this is the case, you can navigate to Control Panel > System and Security > System and look under "Computer name, domain, and workgroup settings" in this window. If you see "Domain" followed by the name of an organization, then your computer is joined to a domain. If you instead see "Workgroup" followed by the name of a Workgroup, then your computer is not joined to a domain, but a workgroup.
The good news is, there's no conspiracy happening here. Well, maybe there is, but it's not what you think. Every single Windows computer that is not joined to a domain is, by default, joined to a Workgroup. A workgroup is simply a group of computers on a local network. Unlike a domain, there is no computer or server that controls the rest of the computers, all of the machines are seen as equals. Workgroups do not require a password either.
In previous Windows versions, workgroups were used for printer or file sharing. This system has been replaced by the "homegroup" in newer versions, whereas the "workgroup" concept has started to fade out of focus. Hence, there's no need to be concerned with adjusting anything with a Workgroup, you can simply leave the defaults in place and focus on setting up "homegroup" file sharing capability.
Typically, joining or leaving a domain is not something the user needs to facilitate, as these processes are typically handled by the Network Administrator. If you're using a machine provided to you by an organization, it's typically joined to the domain already by the time you receive it, and if it ever needs to be removed from the domain, the removal process is something that requires an Administrative password to initiate.
If you happen to be an Administrator though, the process is fairly straightforward. Navigating back to the "Computer name, domain, and workgroup settings" in the System Info window, will bring you to the System Properties window, which will allow you to join or leave a domain.
If you have an old computer that is joined to a domain, and you don't have the credentials needed to remove it, a good workaround for gaining access to the machine again is to perform a reinstallation of Windows. This is because domain settings are tied to the OS of a machine, and so replacing the OS, replaces all of the settings associated with the OS. A reinstallation of Windows will give you a fresh OS to work with, but you should never do this with a school or work PC!
This information is relevant to what we are learning this week as we dive deeper into exploring the world of Networking and Networking Administration for the purposes of gaining a deeper understanding of how to secure networks. Domain controllers are a vital part of any organization's internal network, and must be kept safe and secure from any external threat actors who are attempting to infiltrate an organization. For an attacker to gain control of a Domain Controller would be potentially catastrophic for an organization.