Local users and domain users in Windows

Local users

In Windows, a local user is one whose username and encrypted password are stored on the computer itself. When you log in as a local user, the computer checks its own list of users and its own password file to see if you are allowed to log into the computer. The computer itself then applies all the permissions (for example, "can use the CD-ROM", "can install programs") and restrictions (for example, "cannot install programs") that are assigned to you for that computer.

Domain users

A domain user is one whose username and password are stored on a domain controller rather than the computer the user is logging into. When you log in as a domain user, the computer asks the domain controller what privileges are assigned to you. When the computer receives an appropriate response from the domain controller, it logs you in with the proper permissions and restrictions.

Domain users evolved in response to the challenges administrators face when managing large numbers of computers, peripherals (for example, printers, network storage), services, and users. When a network has a large population of users on various computers, it is difficult to maintain information for every user on each individual computer. The task of managing so many users is simplified by allowing each computer to validate access through a central source to see if each user can log in and use computing resources. With one centralized source of user info, network administrators have only a small set of computers on which to maintain user information.

Important considerations

When you log into your computer at Indiana University, if the "Log on to:" field is ADS, then you are logging in as a domain user. It is important to remember that if you eventually remove your computer from the domain, you will be unable to log in because the computer will not be able to access the domain controller. If you plan to remove your computer from the domain (for example, moving your computer to an off-campus location), you must create a local user. For more, see Disable Windows ADS network settings after you leave the IU network.