Microsoft Windows Device and User Management
A networking model defines the functioning and interaction of network components. Windows operating systems support three different network models: stand-alone, workgroup, and client-server.
This lesson provides an overview of the following topics found in Microsoft Windows:
- Stand-alone model
- Workgroup model
- Client-server model
Stand-Alone Model
In the stand-alone model, each Windows system operates independently, with no direct communication with other systems. Computers in this model are not connected to one another through a local network, so information can move between hosts only over a public network such as the internet or on external media such as USB drives and optical media.
Workgroup Model
The workgroup model is based on peer-to-peer networking. In this model:
- Hosts in a workgroup do not have specific roles.
- All hosts can function as both workstations and servers.
- All hosts in a workgroup can provide and consume network services.
- Hosts are connected through a local network connection.
- Hosts in the same workgroup can access shared resources on other hosts.
- Specialized software is not required.
Drawbacks of the workgroup model include:
- Lack of scalability.
- Lack of centralized configuration control.
- Complexity of data backup.
- Lack of centralized authentication (users must be created on both systems to use resources).
- Lack of centrally applied security settings.
Client-Server Model
In the client-server model, each host has a specific role in the network. Servers provide services such as file storage, user management, security configuration, and printing, while clients request services from servers.
In a Windows environment, the client-server model is known as domain networking. The domain is represented by Active Directory, which is controlled and maintained by system administrators using a server operating system such as Windows Server 2016 or 2019. Microsoft has also introduced Azure AD, a cloud-based service that replaces traditional on-premises server hardware.
Facts about domain networking include:
- Domain networking utilizes security principals, such as users, computers, and resources.
- A Windows domain consists of security principals that share a central authentication database known as Active Directory.
- The Active Directory database is stored on one or more domain controllers.
- Hosts need to run a supported version of the Windows operating system (e.g., Windows Professional or Enterprise) to join a domain. Windows Home edition is not supported.
- The distinguished name of the domain is composed of the domain name and the top-level domain name from DNS.
- Domains are more efficient and scalable than workgroups due to centralized management.
- Objects represent resources (users, computers, printers) and define security attributes within the domain.
- Objects can be organized in container objects.
- Organizational units (OUs) are container objects used for logical resource organization and simplified administration.
Drawbacks of the client-server model include increased:
- Implementation costs due to specialized hardware and software requirements.
- Planning time required for implementation.
- Complexity of implementation.
- Knowledge required for management.
Windows User Management Overview
The sign-in process for a Windows device can vary depending on the type of account being used. This lesson provides an overview of the following topics:
- Local user accounts
- Workgroup membership
- Microsoft account sign-in
- Domain account sign-in
- Azure Active Directory account sign-in
Local User Accounts
A local user account allows you to sign in and access your Windows 10 computer. When using a local account instead of a Microsoft account, some features offered to Microsoft accounts, such as OneDrive and synced settings, are not available.
Types of local user accounts include:
- Administrator: Administrators have complete control over the system and can perform tasks like changing global settings, creating/deleting users, installing applications, running applications with elevated privileges, and accessing all files on the system.
- Standard user: Standard users have limited permissions. They can use applications and change some settings specific to their account, but they cannot install applications or run applications with elevated privileges.
Local user accounts can be created using the following methods:
- Windows Settings App: Access the Settings app, go to “Accounts,” select “Family & other users,” and choose “Add someone else to this PC.” To create a local user account, select “Add user without a Microsoft account” and follow the prompts.
- Computer Management: Access the Computer Management tool by right-clicking Start and selecting “Computer Management.” Expand “Local Users and Groups” and select “Users.” From the “Action” menu, choose “New User” to create a new local user account.
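The same account types can be created and audited from PowerShell. The following is an added example, not part of the original lesson: it creates a standard local user and reports which local accounts hold Administrator rights. The account name `labuser` and both function names are hypothetical.

```powershell
# Added example. Creating accounts requires an elevated PowerShell session.
$ErrorActionPreference = 'Stop'

function New-StandardLocalUser {
    param([Parameter(Mandatory)][string]$Name)
    # Prompt for the password so it never appears in the script or command history.
    $password = Read-Host -Prompt "Password for $Name" -AsSecureString
    New-LocalUser -Name $Name -Password $password -Description 'Standard user' | Out-Null
    # New-LocalUser places the account in no group. S-1-5-32-545 is the built-in
    # Users group; using the SID avoids localized group names.
    Add-LocalGroupMember -SID 'S-1-5-32-545' -Member $Name
}

function Get-LocalAccountAudit {
    # S-1-5-32-544 is the built-in Administrators group.
    $adminSids = @((Get-LocalGroupMember -SID 'S-1-5-32-544').SID.Value)
    foreach ($user in Get-LocalUser) {
        $type = if ($adminSids -contains $user.SID.Value) { 'Administrator' } else { 'Standard user' }
        [pscustomobject]@{
            Name      = $user.Name
            Enabled   = $user.Enabled
            Type      = $type
            # PrincipalSource distinguishes 'Local' accounts from 'MicrosoftAccount' sign-ins.
            Source    = $user.PrincipalSource
            LastLogon = $user.LastLogon
        }
    }
}

# Usage (hypothetical account name):  New-StandardLocalUser -Name 'labuser'
Get-LocalAccountAudit | Sort-Object Type, Name | Format-Table -AutoSize
```

Enabled accounts of type Administrator that nobody can account for are the first thing to review, because each one has complete control over the system.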
Workgroup Membership
A workgroup is Microsoft’s implementation of peer-to-peer networking, allowing resource sharing between computers connected to a network. Workgroups are suitable for small environments with two to eight computers, where security and separation of duties are not significant concerns. In larger environments, using domains is preferred.
Consider the following when working with workgroups:
- Workgroups provide only sign-in security.
- No username or password is required to join a workgroup.
- Computers within the same workgroup can share resources if they are on the same network segment.
- Workgroups do not have centralized authentication.
- User accounts must be created on each remote system with the same credentials as the user’s system.
- File sharing is possible if the user knows the credential set on the remote system.
- By default, a computer is a member of the workgroup named “Workgroup.”
To make a computer a member of a workgroup:
- Access the System Configuration App.
- Right-click Start and select “System.”
- From the right pane, select “System info.”
- Scroll down and select “Advanced System Settings.”
- In the “Computer Name” tab, click “Change” and enter the desired workgroup name.
- Optionally, you can also change the computer name.
Microsoft Account Sign-In
Using a Microsoft account is the preferred method of signing in to a Windows 10 system. A Microsoft account offers the following benefits:
- Access to systems and websites with consistent user settings and passwords.
- Synchronized access to various Microsoft services like Office 365, Outlook, Skype, OneDrive, Xbox Live, Bing, and Microsoft Store.
To sign in with a Microsoft account:
- Click Start and go to “Settings > Accounts > Your info.”
- Select “Sign in with a Microsoft account instead.”
- If you already see “Sign in with a local account instead,” you are already using a Microsoft account.
- Follow the prompts to switch to your Microsoft account. If needed, you can create a Microsoft account at this time.
Once signed in with a Microsoft account, you can sync your password and settings across devices. Verification of identity may be required using an email address or phone number.
To switch back to a local account, go to “Settings > Accounts > Your info,” select “Sign in with a local account instead,” and follow the prompts.
Domain Account Sign-In
Windows systems can also sign in using a domain account, which is created and stored in Active Directory on a domain controller server. This allows for centralized management of users and groups.
To sign in with a domain account:
- Specify the domain you want to sign in to.
- If it’s the first time or you want to ensure you’re signing in to the correct domain, select “Other user” from the sign-in screen.
- Enter the username and password in the applicable fields.
- To use a different domain, specify it in the username field using the syntax “domain\username.”
The domain user account must already be created in Active Directory, and the computer must be joined to the domain.
Azure Active Directory Account Sign-In
Azure Active Directory (Azure AD) is a cloud-based identity and access management service by Microsoft. Similar to on-premises Active Directory, Azure AD allows users to sign in and access both internal and external resources.
To join a device to Azure AD:
- Right-click Start and go to “Settings > Accounts.”
- Select “Access work or school,” then choose “Connect.”
- Select “Join this device to Azure Active Directory.”
- Follow the prompts to complete the process.
After joining the computer to Azure AD, sign in using the Azure AD domain.
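To confirm which of the models above a given host is actually using, the join state can be read from the system itself. The following is an added example, not part of the original lesson; the function name `Get-HostJoinState` is hypothetical. It also derives the domain's distinguished name from its DNS name and handles any number of DNS labels, not only a domain name plus a top-level domain.

```powershell
# Added example: report workgroup, domain and Azure AD join state for this host.
function Get-HostJoinState {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    if ($cs.PartOfDomain) {
        $model     = 'Client-server (domain)'
        $dnsDomain = $cs.Domain
        # corp.example.com -> DC=corp,DC=example,DC=com
        $domainDn  = 'DC=' + (($dnsDomain -split '\.') -join ',DC=')
    } else {
        # Not domain joined: the host is stand-alone or in a workgroup
        # (by default the workgroup named "Workgroup").
        $model     = 'Workgroup'
        $dnsDomain = $null
        $domainDn  = $null
    }

    # dsregcmd.exe ships with Windows 10 and later and reports the Azure AD join state.
    $azureJoined = $false
    if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
        foreach ($line in (dsregcmd.exe /status)) {
            if ($line -match '^\s*AzureAdJoined\s*:\s*(\S+)') {
                $azureJoined = ($Matches[1] -eq 'YES')
            }
        }
    }

    [pscustomobject]@{
        ComputerName  = $cs.Name
        NetworkModel  = $model
        Workgroup     = $cs.Workgroup
        DnsDomain     = $dnsDomain
        DomainDN      = $domainDn
        AzureAdJoined = $azureJoined
        # Shown in the "domain\username" form used on the sign-in screen.
        SignedInAs    = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    }
}

Get-HostJoinState | Format-List
```

A `SignedInAs` value that begins with the computer name rather than a domain name indicates a local account, which is authenticated by that host alone and not by a central directory.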