My home workstation should never resemble a workstation in a corporate setting; especially not when I don’t intend to work at a company that I need to report to an office for.
There is a local Administrator account in an AD environment (just like on all Windows systems), but that may be disabled.
As for the domain users, you have a locally created profile and because it caches your credentials you can sign in offline, but your account isn’t local in the sense that you could sign in offline (or without access to the domain) indefinitely. For on-prem AD, at least with 2012R2, 2012, and 2008R2 (the last versions I worked with, so can’t speak for newer) by default the length that clients held onto that cache was 30 days, but it was configurable in Group Policy. If your device was away from the domain for longer than that you would no longer be able to sign in.
Depending on how your domain is configured you might even have your profile redirected to a network share somewhere, making the account even less local.
Microsoft accounts on personal devices function in basically the same way. If they’re offline for too long you stop being able to logon, but you won’t lose data in your user folder (unless you’ve setup profile redirection to One Drive or an SMB share on a NAS).
In neither of those scenarios would I say your account is local, because a network connection is required for initial sign in and then periodically afterwards to be able to use the device with your account.
Same. The Linux setup there is a fucking mess though… AD authentication freezes login for a minute or so if you switch networks at the wrong moment, puppet keeps messing with the system and recently they installed clamav as a live malware scanner on all machines, making them eat batteries for breakfast and slowing down even menial tasks. If you have admin rights, they refuse to add your user to sudoers but instead create a new admin user (another indicator that they’re just really coming from windows) which everybody just uses to add their original user to sudoers, which was a nice workaround but which they now noticed and want to prohibit via puppet or user rights or something. It’s just such a mess. I mean, still leagues ahead of using windows, but a corporate environment really is a machine that transforms time and money into a terrible experience for everybody.
Oh we have a dedicated Linux service contract with a dedicated Linux support company that has technicians just to deal with Linux issues and provide the Linux setup. We’ve had time to adapt. I guess some bloke still decided that there just had to be a malware scanner and now we all have to eat shit. This is much less a lesson for it departments and much more a lesson that the people who manage stuff just have other goals than the people working with the tools that are managed, so you end up with somebody who wants to cover their ass in case something goes wrong in the future and makes it a terrible experience for everybody in the process but can sell it as a necessity to the people below and as action to the people above.
I used Linux at my old job, which was a start-up with no IT. But at my current job, which is a massive tech corporation with overbearing IT, they require us to use Windows. :(
Though I don’t have an option to use a local account on my work laptop anyway.
In a corporate setting there usually isn’t
In a corporate setting you’re probably using Active Directory for authentication and don’t have a local account anyway.
My home workstation should never resemble a workstation in a corporate setting; especially not when I don’t intend to work at a company that I need to report to an office for.
deleted by creator
If you do, you don’t know what your doing
There is a local Administrator account in an AD environment (just like on all Windows systems), but that may be disabled.
As for the domain users, you have a locally created profile and because it caches your credentials you can sign in offline, but your account isn’t local in the sense that you could sign in offline (or without access to the domain) indefinitely. For on-prem AD, at least with 2012R2, 2012, and 2008R2 (the last versions I worked with, so can’t speak for newer) by default the length that clients held onto that cache was 30 days, but it was configurable in Group Policy. If your device was away from the domain for longer than that you would no longer be able to sign in.
Depending on how your domain is configured you might even have your profile redirected to a network share somewhere, making the account even less local.
Microsoft accounts on personal devices function in basically the same way. If they’re offline for too long you stop being able to logon, but you won’t lose data in your user folder (unless you’ve setup profile redirection to One Drive or an SMB share on a NAS).
In neither of those scenarios would I say your account is local, because a network connection is required for initial sign in and then periodically afterwards to be able to use the device with your account.
I use Linux on my desktop at work, and sometimes you might end up with an apple computer instead depending on the employer.
The monopoly is slipping.
¯\_(ツ)_/¯
Same. The Linux setup there is a fucking mess though… AD authentication freezes login for a minute or so if you switch networks at the wrong moment, puppet keeps messing with the system and recently they installed clamav as a live malware scanner on all machines, making them eat batteries for breakfast and slowing down even menial tasks. If you have admin rights, they refuse to add your user to sudoers but instead create a new admin user (another indicator that they’re just really coming from windows) which everybody just uses to add their original user to sudoers, which was a nice workaround but which they now noticed and want to prohibit via puppet or user rights or something. It’s just such a mess. I mean, still leagues ahead of using windows, but a corporate environment really is a machine that transforms time and money into a terrible experience for everybody.
IT departments will have to adapt, of course.
I mean they (actually we) usually have a bad time even transitioning from windows 10 to 11, Linux will 100% be a mess for a good while.
Oh we have a dedicated Linux service contract with a dedicated Linux support company that has technicians just to deal with Linux issues and provide the Linux setup. We’ve had time to adapt. I guess some bloke still decided that there just had to be a malware scanner and now we all have to eat shit. This is much less a lesson for it departments and much more a lesson that the people who manage stuff just have other goals than the people working with the tools that are managed, so you end up with somebody who wants to cover their ass in case something goes wrong in the future and makes it a terrible experience for everybody in the process but can sell it as a necessity to the people below and as action to the people above.
Why don’t they go with Microsoft Defender for Linux? I have never used it so don’t know if it’s still a battery hog…
I mean, scanning your download folder, if there is something new, could make sense in a high-risk environment. But only if.
They’ve tossed ClamAV on mine but it’s not on the AD, thankfully.
I used Linux at my old job, which was a start-up with no IT. But at my current job, which is a massive tech corporation with overbearing IT, they require us to use Windows. :(
Though I don’t have an option to use a local account on my work laptop anyway.
In a corporate setting it isn’t your computer though.
Yeah, corporate dystopia is a thing.
Redhat?