Domain account vs Local account on Vista

Discussion in 'Security' started by pbodavula, Oct 12, 2009.

  1. pbodavula

    pbodavula

    Joined:
    Oct 12, 2009
    Messages:
    2
    Likes Received:
    0
    Hi,

    We are creating a PDF file in login user's local application folder (C:\Users\%username%\AppData\Local\folder1) through a custom .Net application and displaying the created pdf file in application.

    The above functionality is working for users who are part of domain and added to local vista machine as users (both for administrator and standard user accounts).

    The same is not working for local users (both administrator and standard user accounts created in vista box).

    File is getting created for any user under their local appdata folder and can able to open from that location, but not displaying from app in case of local system users (admin or standard type).

    Can anyone help me what security settings differ between domain users vs local users in vista business 32 bit OS?

    Thanks
    Padmaja
     
    pbodavula, Oct 12, 2009
    #1
    1. Advertisements

  2. pbodavula

    pbodavula

    Joined:
    Oct 12, 2009
    Messages:
    2
    Likes Received:
    0
    Policy that is actually causing the problem (or lack thereof) is corresponds to Internet Options control panel, Connections tab, Lan Settings button: Use Automatic Configuration settings.

    Having this turned on causes IE to load a configuration file prepared by IT department which makes a whole lot of configuration changes to IE, including remapping the security zones. We can test this by unchecking this option (the default state).

    Since the machine is in domain and since we are testing with domain users accounts, I have monitored domain controller pushing down a bunch of policy settings which relax the IE security settings, causing the reports to display.

    First, domain settings will resync over time and this checkbox will keep getting turned back on automatically. So you can’t really turn this off, it won’t stay off. I would feel better just testing local accounts, but since the computer is also a member of the domain, machine-specific policies are applied by the domain as well.
     
    pbodavula, Oct 23, 2009
    #2
    1. Advertisements

  3. pbodavula

    WAW8

    Joined:
    Jan 27, 2007
    Messages:
    3,541
    Likes Received:
    2
    Location:
    Northern Virginia, USA
    What you just reported is why we don't get involved in domain-related stuff.



    There's just too much that can originate from the domain controller side, and when you combine that with group policy settings, there's more than we can handle from this end.



    Sorry, but we have our hands full just trying to keep consumers on home PCs up and running. We can't take on members of domain accounts as well.
     
    WAW8, Oct 23, 2009
    #3
  4. pbodavula

    robinson

    Joined:
    May 14, 2010
    Messages:
    4
    Likes Received:
    0
    The security database on each computer stores the local user accounts that are specific to that computer Local user accounts allow users to log on only to the computer where you create the local account.local account allows users to access resources only on that same computer With such a setup.



    A domain controller is a computer that maintains the security database, including user accounts and groups, for the domain With a domain user account, you can log on to any computer in the domain
     
    robinson, May 14, 2010
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.