Windows XP Pro: The Missing Manual

As described in Chapter 18, the domain and workgroup personalities of Windows XP Professional are quite a bit different. Here are some of most important differences.

19.3.1 Logging On

What you see when you log onto your PC is very different when you're part of a domain. Instead of the standard Welcome screen (which shows a list of people with accounts on your PC), you generally encounter a two-step sign-in process:

  • First, you see a Welcome to Windows dialog box. It instructs you to press Ctrl+Alt+Delete to begin. (As noted on The Double-Thick Security Trick, this step is a security precaution.)

  • Now the Log On to Windows dialog box appears (see Figure 19-2).

    Figure 19-2. Joining a domain disables Fast User Switching and the Windows XP Welcome screen, presenting a simple Log On to Windows dialog box instead. If you know Windows 2000, you should feel right at home, because this is the standard Welcome screen for that operating system, too.

NOTE

You can turn off the requirement to press Ctrl+Alt+Delete at each log on, if you like. Log on using the local Administrator account (or another administrator account), and then choose Start Control Panel User Accounts. Then click the Advanced tab and turn off the "Require users to press Ctrl-Alt-Delete" checkbox.

UP TO SPEED

Knowing What You're Logging Onto

You may remember from Chapter 18 that there are two kinds of accounts: domain accounts, maintained by a highly paid professional in your company, and local accounts ”accounts that exist only on the PC itself. It's actually possible to find domain accounts and local accounts that have the same name ”a perennial source of confusion for beginners (and occasionally experts).

For example, you know that every Windows XP Pro computer has an Administrator account, which the Windows XP installer creates automatically. The trouble is, so does the domain controller.

In other words, typing Administrator into the User Name text box might log you onto either the local machine or the domain, depending on what password you supply. (With luck, the two accounts won't have the same password, but you never know.)

To avoid this kind of confusion, click the Options button on the Log On to Windows screen. As shown here, you're now privy to the "Log on to" drop-down menu. It lists the name of the domain you just joined, any other domains on the network, and your computer's name (which is marked "this computer"). It's important to select the correct item before you click OK.

For this reason, it's a good idea to keep the Log On to Windows dialog box in its expanded state all the time, so that you can easily see whether you are logging onto the domain or the local machine.

As you see in Figure 19-2, the Log On to Windows dialog box provides a place for you to type your user name and password. To save you time, Windows fills in the User Name box with whatever name was used the last time somebody logged in.

19.3.2 Browsing the Domain

When your PC is part of the domain, all of its resources ”printers, shared files, and so on ”magically appear in your desktop windows, the My Network Places window, and so on (see Figure 19-3).

Figure 19-3. When you open a Windows Explorer window and expand the My Network Places and Microsoft Windows Network icons, you see an icon for each workgroup on the network (see Figure 19-4). You can browse through the computers in a domain and access their shared folders (if you have the appropriate permissions) just as you would those of a workgroup. On a large network, you'll just see a lot more computers.

19.3.3 Searching the Domain

You can read all about the Windows XP Search command in Chapter 2. But when you're on a domain, this tool becomes far more powerful ”and more interesting.

For example, when you choose Start Search, the Computers or People search option changes to say Printers, Computers, or People. (Microsoft figures that you wouldn't need a search command for printers on a small network workgroup. After all, if you've only got two printers in your small office, you probably don't forget where they are very often. It's a different story if you work in a huge building with hundreds of computers and printers.)

When you choose Start My Computer and click the My Network Places link on the left side of the window, the screen changes to show the list of your network places (if any). On the left side of this window, you can click the Search Active Directory link to open the dialog box shown at top left in Figure 19-4.

Figure 19-4. Top left: Searching for people in your network's Active Directory is like using a phone book. You supply the information you know about the person. Lower right: When you find that person (technically, her user object ), you can view the information stored in its attributes. Of course, the usefulness of this feature depends on how much information your network administrators enter when creating the user objects.

The name of this dialog box changes depending on what you're looking for. Your choices are:

  • Users, Contacts, and Groups . Use this option to search the network for a particular person or network group (Figure 19-4). If your search is successful, you can find out someone's telephone number, email address, or mailing address, for example, or see what users belong to a particular group .

  • Computers . This option helps you find a certain PC in the domain. It's of interest primarily to network administrators, because it lets them open a Computer Management window for the computers they find and manage many of its functions by remote control.

  • Printers . In a large office, it's entirely possible that you might not know where you can find a printer with certain features ”tabloid-size paper, for example, or double-sided printing. That's where this option comes in handy (see Figure 19-5).

    Figure 19-5. Searching for a printer in Active Directory lets you find the printing features you need. Network administrators may also record the physical locations of the network printers. This way, when your search uncovers a printer that can handle 11 x 17-inch paper and print double-sided too, you can simply look at its attributes to find out that it's located on the fourth floor on the west side of the building.

  • Shared Folders . In theory, this option lets you search for shared folders on the domain's computers ”but you'll quickly discover that searches for a certain shared folder generally come up empty-handed.

    That's because just sharing a folder on your computer doesn't "publish" it to Active Directory, which would make it available to this kind of search. Only network administrators can publish a shared folder in Active Directory.

  • Organizational Units . You may not have heard of organizational units, but your network administrator lives and breathes them. (They're the building blocks of an Active Directory hierarchy.) You, the mere mortal, can safely ignore this search option.

19.3.3.1 Custom Searches

In addition to these predefined searches, you can also create a custom search of your own by looking for information in specific fields (that is, attributes) of Active Directory, as shown in Figure 19-6.

Figure 19-6. To perform a custom search, you use the drop-down menus to select an object type and then a particular field in that object. You then specify a condition (such as whether you want to search for an exact value or just the beginning or end of the value) and the value you want to look for. When you click Find Now, a list of the objects matching your criteria appears.

When used creatively, these custom searches can be powerful indeed, in ways you might not expect. For example, suppose your car won't start, and you need a ride home from the office. You can open this dialog box, click the Field button, and choose User Home Phone. Change the Condition drop-down menu to Starts With; type your own area code and telephone exchange into the Value text box. When you click the Find Now button, you'll get a list of co-workers who live in your neighborhood (as indicated by the first three digits of their phone numbers ).

19.3.4 Assigning Permissions to Domain Members

Chapter 17 describes the process of assigning permissions to certain files and folders, so that only designated people and groups can open them from across the network. When you're a member of a domain, the process is the same, except that you can select people and groups from the domain as well.

When you open the Properties dialog box for a file or folder, click the Security tab, and then click Add, you don't get the same dialog box that you'd see on a workgroup network. On a domain, it's called the Select Users, Computers, or Groups dialog box (Figure 19-7).

Figure 19-7. When you click the Object Types button, you can specify whether you want to search for Built-in Security Principals (special-purpose groups like Everyone and Authenticated Users), Computers, Groups, or Users. Also, the standard location for the objects is your current domain. You can still click the Location button and select your computer's name (to specify local user and group accounts), or even choose another domain on the network, if others are available.

19.3.5 Logging Off and Shutting Down

When you're on a domain PC, you sacrifice one useful feature of Windows XP Pro: the Fast User Switching feature described in Section 17.6.2. (On the other hand, you're less likely to need it, since you're less likely to share your PC with other employees during the course of the workday .) Instead, you must completely log off before other people can access their accounts.

When you choose Start Log Off, you don't get the Switch User and Log Off buttons you'd see in a workgroup. Instead, you see a simple Log Off Windows dialog box, as shown at top in Figure 19-8.

Figure 19-8. Top: Logging off on a Windows XP Professional domain computer is simpler than on a workgroup, because you can't switch users. Bottom: Selecting Shut Down on a Windows XP Pro computer that's a member of a domain lets you log off the domain or perform one of the usual shutdown options.

When you Start Shut Down, on the other hand, you see the dialog box shown at bottom in Figure 19-8. This dialog box, too, is slightly different from the one you see on a workgroup ”but the idea is the same. You specify whether you want to log off, shut the computer down completely, restart it, or put it into hibernation.

Категории