What is the difference between a domain and a workgroup? Work and home groups, domains. What is a workgroup on the network?

The structure of computer networks may contain domains and workgroups. What are they?

What is a domain?

A domain is customarily understood to be a fairly large group of computers united in one LAN or across several connected LANs, with access to a wide range of different resources and network interfaces (which allow files, streams and arrays to be exchanged and shared).

The main features of domains are as follows:

  1. the domain structure includes dedicated servers that perform basic computing functions and are designed to manage network resources;
  2. management of computer access settings to certain parts of the network included in the domain can be carried out centrally - using servers;
  3. a user who has a login that is tied to a domain (or access rights) can connect to the network from any PC interacting with the corresponding domain.

A domain can have a huge number of computers - it's common for there to be thousands of them. Moreover, their individual groups may belong to different LANs, and, despite this, the domain will be functional.

Servers that act as domain hosts are typically significantly more powerful than the average domain-attached PC. They can run whichever operating system is best suited to the specific tasks set by the domain owner, and it can differ significantly from the one installed on PCs that are not servers.

With VPN and similar technologies, users on virtually any other network that physically has access to the corresponding resources can connect to domains formed locally. The Internet works on this principle: a large number of PCs located in different countries can connect to a specific domain and receive various resources from it.

What is a workgroup?

A workgroup is generally understood to be a relatively small computer network created mainly to give the PCs in it shared access to various files (the basic ability to exchange those files remains as well).

Workgroups have the following characteristics:

  • all PCs in a workgroup are most often united in a peer-to-peer network (it has no dedicated servers and, as a rule, no way to manage key resources of other computers or of the network as a whole from one PC);
  • access to the network is usually possible only if the PC's operating system is started under a specific login (user account) for which this access is enabled and configured.

The size of a workgroup usually does not exceed several dozen PCs. It is important that they are all united within a common LAN or subnet so that the corresponding infrastructure is sufficiently stable.

Comparison

The main difference between a domain and a workgroup is how resource management is implemented in the network infrastructure of the first and second types. Thus, for home networks where particularly intensive data exchange is not expected, the use of workgroups is typical. In corporate ones (for which such tasks are typical), domains are usually involved. The interaction of computers in large-scale networks - such as the Internet - is almost always carried out using domains.

A workgroup is usually much easier to form than a domain. The interfaces of modern operating systems allow even an inexperienced user to do it. All you need to do is connect the PCs physically using a cable or switch (or wirelessly, via Wi-Fi) and configure the network infrastructure using the operating system's built-in software.

Creating a domain is usually a more complex procedure. It assumes, first of all, the presence of servers with sufficient performance, their detailed configuration, and possibly the installation of a suitable network operating system. It will also be necessary to implement in the domain infrastructure a function to authenticate the rights of those users who connect to the network.

The security of computers included in a workgroup is usually achieved by installing anti-virus software and other support programs on each of them. In the case of a domain, PC security can also be achieved through the installation of intranetwork interfaces that allow monitoring of various threats and preventing their spread across the network.

Domains are usually much easier to scale, allowing more and more new users to connect to them (including those located outside the local network in which the main domain server is located, or, alternatively, via the Internet). All that is needed is to provide new users with the information necessary for authorization in the domain, or configure its servers so that they recognize and connect certain user groups automatically.

In turn, adding a new user to a workgroup is usually a more labor-intensive procedure. It may be necessary to configure each of the connecting computers separately, determine access rights for the corresponding PCs, and make sure that the antivirus and other supporting software that is installed on them is effective.

Having determined what the difference is between a domain and a workgroup, we will record the conclusions in a small table.

Table

What do they have in common?
Domains and workgroups are designed to provide communication between different PCs for the purpose of exchanging data, as well as sharing access to it.

What is the difference between them?

| Domain | Workgroup |
| --- | --- |
| Is a large-scale computer network (or a group of interacting LANs), managed centrally using servers | As a rule, a peer-to-peer LAN without servers, relatively small in terms of the number of connected PCs |
| Allows for less labor-intensive, more rapid scaling of infrastructure (making it possible to create networks on a global scale) | Assumes slower scaling, because connecting each new PC to the network, as a rule, requires its detailed configuration |
| Allows you to implement intranetwork solutions aimed at increasing the security of data exchange between PCs within a domain | Involves installing on each workgroup PC the programs necessary to ensure secure data exchange |
| A user with the necessary credentials or access can log into the domain from any PC | A user can connect to a workgroup, as a rule, only from a specific PC under a specific account |

We have already mentioned workgroups and domains several times. Let's look at how these two models of network interaction in Microsoft networks fundamentally differ.

A workgroup is a logical grouping of computers united by a common name to make navigation within the network easier. It is fundamentally important that every computer in a workgroup is equal (i.e. the network is peer-to-peer) and maintains its own local user account database (Security Accounts Manager, SAM).

This is the main problem that prevents the use of workgroups in large corporate networks. Recall that logging on to a protected system is mandatory, and that direct and network logons are fundamentally different: a direct logon is controlled by the local computer, and a network logon by the remote one. So if, for example, a user is logged on to computer Comp1 under the local account User1, access to the printer installed on computer Comp2 will be denied, because there is no user named User1 in Comp2's local database (Fig. 9.1). Thus, to ensure “transparent” interaction in a workgroup, identical accounts with the same passwords must be created on all computers where users work and resources are located.

Windows XP Professional provides a special mode for workgroups, “Use simple file sharing”, which works around this problem (this mode is enabled by default). In this mode, the connection to any network computer is made on behalf of that computer's local guest account, which is enabled using the Network Setup Wizard (it is disabled by default) and for which the required access level is configured.

For Windows XP Home Edition, this method of network interaction is the main one and cannot be disabled (therefore, computers with this OS cannot be made domain members).

It is clear that managing accounts and resources in a workgroup is only possible with a small number of computers and users. Large networks should use domains.

A domain is a logical grouping of computers that share a common database of users and computers and common security and management policies.

Domains are created on the basis of Windows network operating systems, and the database, as we have already said, is maintained by domain controllers. The important point is that the computers in a domain do not verify users themselves at logon but delegate this procedure to the controllers (Fig. 9.2). This organization of access makes it easy to verify the user once, on entering the network, and then give him access to the resources of all computers in the domain without further verification.
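The two logon paths described above (User1 from Comp1 reaching Comp2 in a workgroup, and a domain member deferring to a controller), modelled as an added example that is not part of the original text. The HMAC challenge-response is a simplified stand-in, not the real Windows protocols, and the class names, accounts and passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

def pw_key(password):
    # Stand-in for a stored password hash; real SAM/AD databases hold NT hashes.
    return hashlib.sha256(password.encode()).digest()

class AccountDB:
    """Account database: one computer's local SAM, or the domain's database."""
    def __init__(self, accounts):
        self.keys = {user.lower(): pw_key(pw) for user, pw in accounts.items()}

    def verify(self, user, challenge, response):
        key = self.keys.get(user.lower())
        if key is None:
            return False  # no such account in this database
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

class Computer:
    def __init__(self, name, sam, dc=None):
        self.name, self.sam, self.dc = name, sam, dc  # dc=None: workgroup member

    def network_logon(self, user, password):
        """Network logon to this computer, decided by its own SAM or by the DC."""
        challenge = os.urandom(16)
        # Client side: answer the challenge without sending the password itself.
        response = hmac.new(pw_key(password), challenge, hashlib.sha256).digest()
        authority = self.dc if self.dc is not None else self.sam
        return authority.verify(user, challenge, response)

def run_scenarios():
    """Constructed accounts; Comp2 hosts the printer that User1 wants to use."""
    out = {}
    comp2 = Computer("Comp2", AccountDB({"Admin2": "pr1nter-adm"}))
    out["workgroup_no_account"] = comp2.network_logon("User1", "Spring-24")
    comp2.sam = AccountDB({"Admin2": "pr1nter-adm", "User1": "Spring-24"})
    out["workgroup_identical_account"] = comp2.network_logon("User1", "Spring-24")
    # User1 changes the password on Comp1 only; Comp2's copy is now stale.
    out["workgroup_password_drift"] = comp2.network_logon("User1", "Summer-24")
    dc = AccountDB({"User1": "Summer-24"})  # single database on the controller
    member = Computer("Comp2", AccountDB({}), dc=dc)
    out["domain_member"] = member.network_logon("User1", "Summer-24")
    return out

if __name__ == "__main__":
    for case, granted in run_scenarios().items():
        print(f"{case}: {'granted' if granted else 'denied'}")
```

The password-drift case shows the maintenance cost of the identical-accounts workaround: every copy of the account has to be changed together, whereas the domain member consults one database.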

On a PC on your network, for example the MARIA laptop, open Control Panel - Network and Internet and click the Join button (Fig. 28.8).

At the first step of joining a homegroup, specify the network resources that will be shared with computers that are part of the homegroup network (Fig. 28.9).



Next, you need to create an eight-digit password to connect your PC to the homegroup (case matters). In the You have joined a homegroup dialog, click the Ready button (Fig. 28.10).



Difference between Domain, Workgroup and Homegroup

Domains, workgroups, and homegroups represent different methods of organizing computers on a network. The main difference is how computers and other resources are managed. Computers running Windows on a network must be part of a workgroup or domain. Windows computers on your home network can also be part of a homegroup, but they don't have to be.

  • In a workgroup. Each computer has multiple user accounts. To log on to any computer that belongs to a workgroup, you must have an account on that computer. A workgroup usually contains no more than twenty computers. The workgroup is not password protected. All computers must be on the same local network (subnet).
  • In a homegroup. Computers on a home network must belong to a workgroup, but they can also (at the same time) be in a homegroup. A homegroup is password protected.
  • In the domain. One or more computers are servers. Network administrators use servers to control security and permissions for all computers in a domain. Domain users must provide a password or other credentials each time they access the domain. If a user has an account on a domain, they can log on to any computer. There can be thousands of computers in a domain. Computers may belong to different local networks.

What is the difference between a domain and a workgroup?

2 answers

The real answer to this question is:

Domains, workgroups, and homegroups represent different methods of organizing computers on a network. The main difference between the two is how computers and other resources on the networks are managed.

Windows computers on the network must be part of a workgroup or domain. Windows computers on home networks can also be part of a homegroup, but this is not required.

Computers on a home network are usually part of a workgroup and possibly a homegroup, and computers on a work network are usually part of a domain.

In a workgroup:

    All computers are peer nodes on the network; no computer can control another computer.

    Each computer has a set of user accounts. To log into any computer in a workgroup, you must have an account on that computer.

    There are usually no more than twenty computers.

    The workgroup is not password protected.

    All computers must be on the same local network or subnet.

In a domain:

    One or more computers are servers. Network administrators use servers to manage security and permissions for all computers in a domain. This makes it easier to make changes because the changes are automatic on all computers. Domain users must provide a password or other credentials whenever they access the domain.

    If you have a domain user account, you can log into any computer in the domain without an account on that computer.

    You can probably make only limited changes to your computer's settings since network administrators often want to ensure consistency among computers.

    There can be thousands of computers in a domain.

    Computers may be located on different local networks.

If your computer is on a large network at work or school, it probably belongs to a domain. If your computer is on your home network, it belongs to a workgroup and may also belong to a homegroup. When you set up a network, Windows automatically creates a workgroup and names it WORKGROUP.

Domains and workgroups - what are they?

The Windows Server 2003 operating system and the classic Windows NT use two terms that are not related to each other, but often cause confusion for administrators: “domains” and “workgroups”. Here's how these terms are defined.

  • The domain is an element of the security system. Domain members are authenticated by special servers called domain controllers.
  • The workgroup is an element of the resource distribution system. Workgroup members find each other using special servers called browsers.

Anyone who, like me, lived through the Cold War will understand where the source of this confusion lies. Remember Khrushchev or Brezhnev? Each of them had unlimited power in the USSR, since each of them held two posts - Chairman of the Supreme Council and General Secretary of the Communist Party. Similarly, the Primary Domain Controller (PDC) makes domains and workgroups similar to each other because the PDC stores both the security database and the browser database.

Using Workgroups

If you are installing a server that does not need to communicate with other servers, you can make it an isolated server - a member of a workgroup. Clients in the same workgroup on the same IP subnet use the same browser to find the server. Users will be authenticated using the local SAM database on the server every time they connect over the network.
Even if you have a domain, sometimes it makes sense to install isolated servers. For example, such a server could be installed within a demilitarized zone, in which computers are not required to pass login information back through the firewall.

Joining a domain

If the authentication database on the server is not strong enough, the server must be added to the domain. In this case, the server becomes a member of the domain. Active Directory domain members authenticate users using the Kerberos protocol. This allows you to achieve a high level of security and get a fast authentication mechanism. In addition, such an authentication mechanism contains authorization information that is necessary to create a local security context for the user.
Members of a classic Windows NT domain authenticate users using the NT LanMan Challenge-Response protocol. In this case, the server is required to have a direct communication line with the backup domain controller.
In the Windows NT operating system, adding a computer to a domain required you to provide administrator authentication credentials. In Windows Server 2003 (and Windows 2000), any authenticated user can add a computer to a domain. The ability to add computers to a domain is determined by group policy for the Domain Controllers Organizational Unit in Active Directory. By changing this group policy, you can limit the users who are allowed to add computers to the domain.
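A defender's check for the setting described above, added here as an example and not taken from the original article: it reads a security-template (INF) export of the policy and reports when the "Add workstations to domain" user right (SeMachineAccountPrivilege) is held by a broad group. The template text is assumed to be already exported and decoded to a string; both samples and the function names are constructed.

```python
import configparser

RIGHT = "SeMachineAccountPrivilege"  # the "Add workstations to domain" user right
# Well-known SIDs that cover practically every account.
BROAD_SIDS = {
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-545": "BUILTIN\\Users",
}

# Constructed samples in security-template (INF) form.
SAMPLE_OPEN = """[Version]
signature="$CHICAGO$"
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeMachineAccountPrivilege = *S-1-5-11
"""
SAMPLE_RESTRICTED = """[Privilege Rights]
SeMachineAccountPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
"""

def holders_of(inf_text, right=RIGHT):
    """Return the SIDs or account names that hold `right` in the template."""
    parser = configparser.ConfigParser(
        delimiters=("=",), strict=False, interpolation=None)
    parser.optionxform = str  # privilege names are mixed case; keep them as-is
    parser.read_string(inf_text)
    raw = parser.get("Privilege Rights", right, fallback="")
    # SIDs are written with a leading '*'; plain account names have none.
    return [p.strip().lstrip("*") for p in raw.split(",") if p.strip()]

def audit(inf_text):
    """List holders of the right that are too broad for joining computers."""
    findings = []
    for who in holders_of(inf_text):
        if who in BROAD_SIDS:
            findings.append(f"{BROAD_SIDS[who]} ({who})")
        elif who.startswith("S-1-5-21-") and who.endswith("-513"):
            findings.append(f"Domain Users ({who})")
    return findings

if __name__ == "__main__":
    for label, text in (("open", SAMPLE_OPEN), ("restricted", SAMPLE_RESTRICTED)):
        print(label, audit(text) or "no broad holders")
```

An empty result for a template means the right is limited to specific groups or accounts, which is the restricted state the paragraph describes.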