Group becomes a member of the administrators local group when a windows 10 computer joins a domain.

We have a computer on our network with some network shares. This computer is NOT part of our domain. In order to allow certain users to access the network shares, we have been creating local accounts on the computer with the same user name and password as the active directory user and adding those (local) users to the permissions list.

For example, this computer (TestComputer) has a local user (UserA) that has been given Full Control of a shared folder (TestFolder). There is also an active directory user with the same name (TESTDOMAIN\UserA). UserA can now browse to \\TestComputer\TestFolder and read or write to it.

What we want to do is join TestComputer to our domain and then give permissions to the active directory user (TESTDOMAIN\UserA) instead and eventually delete the local user (UserA) from TestComputer.

It looks like here shows that joining a computer to a domain doesn't mess with the local accounts. However, it didn't clarify if anything would happen if those local accounts had the same name as active directory accounts. I just need clarification that I can just simply join the computer to the domain, replace the local user permissions with the active directory user and delete (maybe disable) the local user account.

asked Nov 25, 2009 at 21:51

If the domain has group policy it could potentially change members of users in the local admin and power users group.....or even add in new users. But existing users on the local machine will remain unaffected.

answered Nov 25, 2009 at 22:08

daeddaed

962 bronze badges

The only user and\or group change that occurs when joining a computer to a domain is that the domain users group is added to the local users group and the domain admins group is added to the local admins group. Your local user accounts will be unaffected and there will be no conflict with the domain user with the same name. You should be fine going ahead with your plan.

answered Nov 25, 2009 at 21:56

joeqwertyjoeqwerty

109k6 gold badges80 silver badges171 bronze badges

1

Should be fine, unless your join the computer to the domain & promote it to a domain controller, in which case you'll no longer have local computer accounts.

You'll also need to fix any NTFS permissions on files local users may have setup, as these won't carry over. Maybe you can use sidhistory with this if it's complicated, it might work?

answered Nov 26, 2009 at 14:33

Nick KavadiasNick Kavadias

10.8k7 gold badges36 silver badges47 bronze badges

Local user accounts are stored in the SAM database. True or False?

Each user account is assigned a ___________ to ensure that security is kept intact if the account is renamed.

Which logon method requires users to press Ctrl+Alt+Delete before logging on?

a. Windows Welcome
b. Secure logon
c. Fast user switching
d. Automatic logon

Which logon method allows multiple users to have applications running on the computer at the same time?

a. Windows Welcome
b. Secure logon
c. Fast user switching
d. Automatic logon

Which characters are not allowed in user account names? (Select all that apply.)
a. \
b. +
c. $
d. *
e. !

Because user names are case sensitive, you can use capitalization to ensure that they are
unique. True or False?

Which characteristics apply to the Administrator account? (Choose all that apply.)

a. It has a blank password by default.
b. It cannot be deleted.
c. It cannot be renamed.
d. It is visible on the logon screen.
e. It can be locked out.

a. It has a blank password by default.
b. It cannot be deleted.

Which characteristics apply to the Guest account? (Choose all that apply.)

a. It has a blank password by default.
b. It cannot be deleted.
c. It cannot be renamed.
d. It is disabled by default.
e. It can be locked out.

a. It has a blank password by default.
b. It cannot be deleted
d. It is disabled by default.

Because the initial user account created during installation is a member of the Administrators
group, it has all of the characteristics of the Administrator account. True or False?

The ___________ built-in local group has been depreciated and is no longer recommended for use
by Microsoft.

Standard users are members of which built-in local group?

a. Administrators
b. Guests
c. Remote Desktop Users
d. Users

Standard user accounts are more usable in Windows 7 than previous versions of Windows because User Account Control elevates privileges as required. True or False?

Which tasks can be performed by using the User Accounts applet in Control Panel? (Choose
all that apply.)

a. Change your password
b. Change your picture
c. Change your group memberships
d. Change your account type
e. Change your name

a. Change your password
b. Change your picture
d. Change your account type
e. Change your name

password reset disk contains ____________.

encrypted copy of the user password

Which user management tool is required to assign
logon script to a user?

a. User Accounts in Control Panel
b. Local Users and Groups MMC snap-in
c. Advanced User Accounts applet
d. Advanced Users and Groups MMC snap-in

b. Local Users and Groups MMC snap-in

What is a risk of resetting a user password?

a. The user account becomes corrupted.
b. EFS-encrypted fi les cannot be accessed.
c. The security permissions for the user account are lost.
d. The password is not encrypted until changed by the user at fi rst logon.

b. EFS-encrypted files cannot be accessed.

Which file in a profile contains user-specific registry settings?

a. AppData
b. NTUSER.DAT
c. NTUSER.MAN
d. SYSTEM.DAT
e. Local Settings

Which profile is copied to create a profile for new user accounts?

a. Default User
b. Public
c. Blank
d. Default
e. New

A roaming profile is located on a network server. True or False?

Which profile is merged into each user profile when the user is logged on?

a. Default User
b. Public
c. Blank
d. Default
e. New

In a domain-based network, each server authenticates users by using the SAM database.
True or False?

The ___________ group becomes a member of the Administrators local group when a Windows 7
computer joins a domain.

Which editions of Windows 7 have the option to use Parental Controls? (Choose all that
apply.)

a. Windows 7 Home Premium
b. Windows 7 Business
c. Windows 7 Ultimate
d. Windows 7 Enterprise in a workgroup
e. Windows 7 Enterprise in a domain

a. Windows 7 Home Premium
c. Windows 7 Ultimate
d. Windows 7 Enterprise in a workgroup

Time limits can be configured separately for each day of the month. True or False?

Which program or utility do you use to copy an existing user profile to the default user
profile?

Which security feature in Windows 7 prevents malware by limiting user privilege levels?

a. Windows Defender
b. User Account Control (UAC)
c. Microsoft Security Essentials
d. Service SIDs

b. User Account Control (UAC)

The default privilege level for services is LocalSystem. True or False?

When compared to Windows XP, which networking features have been updated or added
in Windows 7 to enhance security? (Choose all that apply.)

a. TCP/IPv4
b. Network Access Protection (NAP)
c. Point-to-Point Tunneling Protocol (PPTP)
d. Internet Connection Sharing
e. Windows Firewall

b. Network Access Protection (NAP)
e. Windows Firewall

When compared to Windows Vista, which data protection feature is new in Windows 7?

a. Local security policy
b. BitLocker Drive Encryption
c. EFS
d. BitLocker To Go
e. Network Access Protection (NAP)

Which of the following passwords meet complexity requirements? (Choose all that apply.)

a. passw0rd$
b. ##$$@@
c. ake1vyue
d. a1batr0$$
e. A%5j

a. passw0rd$
d. a1batr0$$

Which password policy setting should you use to prevent users from reusing their passwords
too quickly?

a. Maximum password age
b. Minimum password age
c. Minimum password length
d. Password must meet complexity requirements
e. Store passwords using reversible encryption

Which account lockout policy setting is used to confi gure the time frame in which incorrect
logon attempts must be conducted before an account is locked out?

a. Account lockout duration
b. Account lockout threshold
c. Reset account lockout counter after
d. Account lockout release period

c. Reset account lockout counter after

The _____ local policy controls the tasks users are allowed to perform.

Which type of AppLocker rule condition can uniquely identify any fi le regardless of its
location?

a. Publisher
b. Hash
c. Network zone
d. Path

How would you create AppLocker rules if you wanted to avoid updating the rules when
most software is already installed?

a. Manually create rules for each application
b. Automatically generate rules
c. Create default rules
d. Download rule templates

Evaluating DLL files for software restrictions has a minimal impact on performance because
of caching. True or False?

Which utilities can be used to compare the settings in a security template against a computer
configuration? (Choose all that apply.)

a. Secedit
b. Windows Defender
c. Security Templates snap-in
d. Group Policy Object Editor
e. Security Confi guration and Analysis tool

a. Secedit
e. Security Confi guration and Analysis tool

To which event log are audit events written?

a. Application
b. Security
c. System
d. Audit
e. Advanced Audit

An ________ is used to describe the structure of an application and trigger UAC when
required.

What are you disabling when you configure UAC to not dim the desktop?

a. Admin Approval Mode
b. file and registry virtualization
c. user-initiated prompts
d. secure desktop

Microsoft Security Essentials requires a subscription fee after a 90-day trial period. True
or false?

Which of the following does Action Center monitor? (Choose all that apply.)

a. Network Firewall
b. Windows Update
c. User Account Control
d. Internet security settings
e. Virus protection

a. Network Firewall
b. Windows Update
c. User Account Control
d. Internet security settings
e. Virus protection

To prevent spyware installation, you should configure Windows Defender to perform __________.

Which type of encryption is the fastest, strongest, and best suited to encrypting large
amounts of information?

a. Symmetric
b. 128 bit
c. Asymmetric
d. Hash
e. Public key

To encrypt a file by using EFS, the file must be stored on an NTFS-formatted partition. True
or False?

How can you recover EFS-encrypted files if the user profile holding the digital certificate is
accidentally deleted? (Choose all that apply.)

a. Restore the file from backup.
b. Restore the user certificate from a backup copy.
c. Another user with access to the file can decrypt it.
d. Decrypt the file by using the recovery certificate.
e. Decrypt the file by using the EFS recovery snap-in.

b. Restore the user certificate from a backup copy.
c. Another user with access to the file can decrypt it.
d. Decrypt the file by using the recovery certificate.

Which of the following is not true about BitLocker Drive Encryption?

a. BitLocker Drive Encryption requires at least two disk partitions.
b. BitLocker Drive Encryption is designed to be used with a TPM.
c. Two encryption keys are used to protect data.
d. Data is still encrypted when BitLocker Drive Encryption is disabled.
e. You must use a USB drive to store the startup key.

e. You must use a USB drive to store the startup key.

BitLocker Drive Encryption is user aware and can be used to protect individual files on a
shared computer. True or False?

Which is the preferred setting for Windows Update?

a. Install updates automatically
b. Download updates but let me choose whether to install them
c. Check for updates but let me choose whether to download and install them
d. Never check for updates

a. Install updates automatically

Which categories of updates can be downloaded and installed automatically by Windows
Update? (Choose all that apply.)

a. Critical
b. Important
c. Recommended
d. Optional
e. Feature update

b. Important
c. Recommended
d. Optional

What group becomes a member of the Administrators local group when a Windows 10 computer joins a domain?

What authentication method requires the computer to be joined to either a domain or Azure AD?

Are local user accounts are stored in the SAM database?

Which of the following cmdlets will you use to create local users using Windows Powershell?