I am a developer and curious about how Windows server machines are used.
- A) I believe that they show the interactive login screen but run without any user ever having logged in. Correct?
In the context of the definition in (*), under which account is the booted, AD-joined Windows machine identified/secured by the AD DC (Domain Controller)?
An AD-joined machine shows a login screen permitting 2 basic logins thereafter:
- Local user account
- Domain user account
In which context – B) or C) – does the further logged-in local user 1) run after A), i.e. after the login screen?
Update 1:
I know how identification, impersonation, and delegation of processes work.
This question is about the case when a Windows machine is booted and shows the interactive login screen with choices.
- Under which machine account is it booted before any (interactive) user login, i.e. when it shows the login screen?
Well, basically I am re-writing the original questions.
But, having read (*), I cannot understand why the "Machine SID for computer DEMOSYSTEM" (in Table 1) is needed at all.
It is not used to access other machines before joining the machine to AD, and even less does it seem to be needed afterwards (after joining the machine to AD).
Update 2:
Also, it is difficult to believe that a local user account of the machine before joining the domain is the same as after joining. The computer is identified and the channel is secured by the DC even for a local account of an AD computer, but not for a workgroup one.
Subquestions forked from this question:
- Can workgroup Windows users (or groups) use domain accounts, but not vice versa?
- Domain Admins vs. Administrators in Windows AD DC
Best Answer
Your question is not stated very clearly... however, here's how it basically works:
Local System, Local Service and Network Service. These are built-in to every Windows computer since XP/2003 (before that only Local System existed). To sum it up:
Update:
There's not a single account under which "the machine is booted". When you are at the logon screen, there are lots of things running on the system: basic system services, the programs which actually manage the logon screen itself, and possibly plenty of application services if the system is a server. Each one of these processes can run under a different user account. Most system services, anyway, run using one of the three system accounts (Local System, Local Service, Network Service). You can see which account a service runs as in the Services MMC (and/or in the Task Manager).

The machine SID, as stated by that article and many others, is not actually needed or used for anything, besides being a "prefix" for the SIDs of local user accounts (which, as such, are never seen nor referenced outside the system itself); network authentication on behalf of the system uses the computer's domain account.
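The three points the answer makes (services run under one of the built-in service accounts, the machine SID is only a prefix of local account SIDs, and the network identity of a domain-joined machine is its computer account) can be checked from PowerShell. The script below is an added example and not part of the original answer; it assumes Windows PowerShell 5.1 or PowerShell 7 on a Windows 10 / Server 2016 or later host where the Microsoft.PowerShell.LocalAccounts module (`Get-LocalUser`) is available. Service and account names in the comments are illustrative.

```powershell
# Added example (not from the original answer). Assumes Windows PowerShell 5.1
# or PowerShell 7 on Windows 10 / Server 2016+, where Get-LocalUser exists.

# 1. Which account does each service run as? This is the same data the Services
#    MMC shows in its "Log On As" column. Grouping shows how dominant the three
#    built-in service accounts are.
$services = Get-CimInstance -ClassName Win32_Service
$services |
    Group-Object -Property StartName |
    Sort-Object -Property Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# In Win32_Service the three built-in accounts appear as:
#   LocalSystem                  -> Local System (NT AUTHORITY\SYSTEM)
#   NT AUTHORITY\LocalService    -> Local Service
#   NT AUTHORITY\NetworkService  -> Network Service
# Anything else (for example a hypothetical CONTOSO\svc-app or .\svcaccount) is a
# dedicated service account with its own password; if it is a domain account it
# authenticates on the network as itself rather than as the computer account,
# so those entries are the ones worth reviewing.
$builtIn = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'
$services |
    Where-Object { $_.StartName -and ($builtIn -notcontains $_.StartName) } |
    Select-Object Name, StartName, State |
    Format-Table -AutoSize

# 2. The machine SID is just the common prefix of every local account's SID:
#    strip the last component (the RID) from any local account SID to get it.
$localUsers = @(Get-LocalUser)
$machineSid = $localUsers[0].SID.Value -replace '-\d+$', ''
"Machine SID (derived from local account SIDs): $machineSid"
$localUsers |
    Select-Object Name, @{ n = 'RID'; e = { $_.SID.Value.Split('-')[-1] } }, SID |
    Format-Table -AutoSize

# Sanity check: every local account SID must start with the machine SID.
$mismatch = $localUsers | Where-Object { -not $_.SID.Value.StartsWith("$machineSid-") }
if ($mismatch) {
    "Unexpected SIDs: $($mismatch.Name -join ', ')"
} else {
    "All local account SIDs share the machine SID prefix."
}

# 3. What the machine presents on the network is its domain computer account,
#    DOMAIN\COMPUTERNAME$, not the machine SID. A workgroup machine has none.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    "Computer account used for network authentication: $($cs.Domain)\$($cs.Name)`$"
} else {
    "Not domain-joined (workgroup '$($cs.Workgroup)'): no computer account exists."
}
```

Run it from an elevated prompt so that `Get-LocalUser` can read every local account. The RID column makes the answer's point visible: the well-known local Administrator account is always RID 500 under the machine SID, and the same prefix appears on every other local account regardless of whether the machine is domain-joined.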