This question may seem patronizing at first, but in a Windows network domain (and also on the local computer), the definition of a user covers autonomous processes, network objects (devices and computers), and humans. Human users use the networks or machines to get work done, meet deadlines, and get paid, but any process, machine, or technology that needs to use another object on the network or machine is treated as a user by the Windows operating systems. In a nutshell, the Windows Server 2003 security subsystem does not differentiate between a human and a device using its resources. All users are viewed as security principals, which at first are trusted.
Note: After you install Windows Server 2003 (a clean installation, not an upgrade) or create a new Active Directory domain, the operating system and many elements are exposed by default. This makes sense: Keep the doors open until the jewels have been delivered. As soon as you begin adding users to the system, and they begin adding resources that need protection, you should begin using the tools described in this chapter to lock down the elements and secure the network.
User objects are derived from a single user class in Active Directory, which in turn derives from several parents. Machine accounts are thus derived from the User object. To obtain access to the User object, you need to reference its distinguished name (DN) in program or script code. This is handled automatically by the various GUI objects, but if you plan to write scripts that access the object, you should be referencing the object's GUID.
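The following is an added example, not code from the original text, showing how a script can key on objectGUID rather than the DN. It converts the raw 16-byte attribute value into the dashed form, the ADSI GUID bind string, and an LDAP search filter, then uses the GUID to pair up accounts whose DN changed between two snapshots. The sample GUID, the DNs, and all function names are constructed for illustration.

```python
import uuid

def guid_forms(object_guid: bytes) -> dict:
    """Return the textual forms of a raw 16-byte objectGUID value."""
    if len(object_guid) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return {
        # Dashed form shown by Windows tools: the first three fields are
        # stored little-endian, so they appear byte-swapped here.
        "dashed": str(uuid.UUID(bytes_le=object_guid)),
        # Hex digits in stored byte order, as used in the ADSI bind string.
        "octet_hex": object_guid.hex(),
    }

def adsi_guid_path(object_guid: bytes) -> str:
    """ADSI path that binds by GUID, so it survives renames and moves."""
    return "LDAP://<GUID=%s>" % guid_forms(object_guid)["octet_hex"]

def ldap_guid_filter(object_guid: bytes) -> str:
    """LDAP search filter; binary values are escaped as \\xx per byte."""
    guid_forms(object_guid)  # reuse the length check
    return "(objectGUID=%s)" % "".join("\\%02x" % b for b in object_guid)

def track_moves(before: dict, after: dict) -> list:
    """Pair old and new DNs for objects whose DN changed, matched by GUID."""
    return [(before[g], after[g]) for g in before
            if g in after and before[g] != after[g]]

# Constructed sample data: one account moved between OUs, one untouched.
RAW = bytes.fromhex("00112233445566778899aabbccddeeff")
RAW2 = bytes.fromhex("ffeeddccbbaa99887766554433221100")
BEFORE = {RAW: "CN=jsmith,OU=Sales,DC=example,DC=com",
          RAW2: "CN=PC01,OU=Workstations,DC=example,DC=com"}
AFTER = {RAW: "CN=jsmith,OU=Marketing,DC=example,DC=com",
         RAW2: "CN=PC01,OU=Workstations,DC=example,DC=com"}

if __name__ == "__main__":
    print(guid_forms(RAW)["dashed"])
    print(adsi_guid_path(RAW))
    print(ldap_guid_filter(RAW))
    print(track_moves(BEFORE, AFTER))
```

A reference stored by DN would have pointed at nothing after the move; the GUID-keyed lookup still identifies the same account and reports where it went.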