First, domain accounts can cache as well (although that is configurable) so even domain accounts can be logged into when the machine is not attached to the network.
Second, a few legacy apps (or badly written modern apps) require a local account to be used. Other than that, I agree with Joel, get them to annotate the actual requirements, test in a lab and usually you can figure out a way to get them what they want in a secure manner. Craig L Bowser ____________________________ This email is measured by size. Bits and bytes may have settled during transport. On Fri, May 20, 2011 at 1:44 PM, Joel Esler <[email protected]> wrote: > Ask them why. Then report back. Most likely they don't need what they are > asking. > > On May 20, 2011, at 1:24 PM, Matthew Perry wrote: > > > I have a few users who insist that they need a local account on their > domain laptops. I am trying to explain to them that their password will > cache and allow them to login while not on the network. It also looks like > local accounts bypass a lot of our group policy rules that we have put in > place and I do not want to have to manage local policies as well. Can > anyone give me some more good reasons why it is bad to use a local account > instead of a domain account. > > > > Thanks! > > > > -- > > Matthew Perry > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
