HP StorageWorks 9000s NAS 4000s and 9000s Administration Guide - Page 111

User and Group Management, Domain Compared to Workgroup Environments

Page 111 highlights

User and Group Management 6 There are two system environments for users and groups: workgroup and domain. Because users and groups in a domain environment are managed through standard Windows NT or Windows Storage Server 2003 domain administration methods, this document discusses only local users and groups, which are stored and managed on the NAS device. For information on managing users and groups on a domain, refer to the domain documentation available on the Microsoft website. Domain Compared to Workgroup Environments NAS server devices can be deployed in workgroup or domain environments. When in a domain environment, the server is a member of the domain. The domain controller is a repository of accounts and account access for the NAS server. Client machines are also members of the domain, and users log on to the domain through their Windows clients. The domain controller also administers user accounts and appropriate access levels to resources that are a part of the domain. In a CIFS/SMB environment, when mapping a network drive or a client machine, a user sends a logon credential to the server. This credential includes the username, password, and if appropriate, domain information. Using the credential, the server authenticates and provides the corresponding access to the user. When a NAS server is deployed into a workgroup environment, all user and group account access permissions to file resources are stored locally on the server. By contrast, when a NAS server is deployed into a domain environment it uses the account database from the domain controller, with user and group accounts stored outside the server. The server integrates with the domain controller infrastructure. Note: The NAS server cannot act as a domain controller for other servers on the network. If user and group account information is stored locally, those accounts may be used only to authenticate logons to the NAS server, resulting in a workgroup configuration. Administering users and groups in a domain environment is similar in a mechanical sense to administering them in a workgroup environment. If using an Active Directory domain controller, the Computer Management tool allows for adding, modifying, and removing users in the same context as in a workgroup environment. The concepts, however, are very different. Additional information about planning for domain environments can be found at: http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx NAS 4000s and 9000s Administration Guide 111

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246

111
NAS 4000s and 9000s Administration Guide
6
User and Group Management
There are two system environments for users and groups: workgroup and domain. Because
users and groups in a domain environment are managed through standard Windows NT or
Windows Storage Server 2003 domain administration methods, this document discusses only
local users and groups, which are stored and managed on the NAS device. For information on
managing users and groups on a domain, refer to the domain documentation available on the
Microsoft website.
Domain Compared to Workgroup Environments
NAS server devices can be deployed in workgroup or domain environments. When in a
domain environment, the server is a member of the domain. The domain controller is a
repository of accounts and account access for the NAS server. Client machines are also
members of the domain, and users log on to the domain through their Windows clients. The
domain controller also administers user accounts and appropriate access levels to resources
that are a part of the domain.
In a CIFS/SMB environment, when mapping a network drive or a client machine, a user sends
a logon credential to the server. This credential includes the username, password, and if
appropriate, domain information. Using the credential, the server authenticates and provides
the corresponding access to the user.
When a NAS server is deployed into a workgroup environment, all user and group account
access permissions to file resources are stored locally on the server.
By contrast, when a NAS server is deployed into a domain environment it uses the account
database from the domain controller, with user and group accounts stored outside the server.
The server integrates with the domain controller infrastructure.
Note:
The NAS server cannot act as a domain controller for other servers on the network. If user
and group account information is stored locally, those accounts may be used only to authenticate
logons to the NAS server, resulting in a workgroup configuration.
Administering users and groups in a domain environment is similar in a mechanical sense to
administering them in a workgroup environment. If using an Active Directory domain
controller, the Computer Management tool allows for adding, modifying, and removing users
in the same context as in a workgroup environment. The concepts, however, are very different.
Additional information about planning for domain environments can be found at: