Can a computer using an Azure/O365 login connect to computer using a local login on a local network?

ppilot

So I handle IT for a small business (20 employees) and have been gradually trying to transition our laptops from consumer grade to business level laptops with Windows Pro. This actually isn't my primary job but the company didn't have anybody handling it before I arrived so I've taken it on.

The last two laptops I've set up using the users' Azure/Office 365 logins, and they default to PIN for secure access. Note that as of now, only three computers out of ten are using this login method, as the remaining ones are using local accounts with Windows 10 Home. Also, there is no Windows Server on our local network.

The laptop I am currently trying to set up needs to access a database file on one of those other computers on the local network, and I've been running into some weird credentialing/access issues that a more experienced person would probably have anticipated.

So initially, while using the PIN for logging into Windows (which was the default for the Windows login), the new laptop wouldn't even see the computer with the database file despite being able to ping the IP address. I then switched the logon to a password and then the computer showed up on the network discovery.

This time it's asking for network credentials to connect to the server (email and password) even though the server is a local account. Another option was to use the security PIN, which again doesn't work.

Is there a way for me to access that computer?
 
Without a Domain Controller or some kind of directory services, you need to make sure username/passwords match on both the local and remote host. If you try to connect to a remote machine, you will always be prompted with an NTLM authentication challenge unless you have matching credentials on both machines.
 
Without a Domain Controller or some kind of directory services, you need to make sure username/passwords match on both the local and remote host. If you try to connect to a remote machine, you will always be prompted with an NTLM authentication challenge unless you have matching credentials on both machines.

So basically a machine with a local login can only be accessed by another computer with a local login. Stupid question time... would the cloud-based Azure Active Directory included with Office 365 meet the second option? Or do I need a premium subscription?
 
So basically a machine with a local login can only be accessed by another computer with a local login.

Pretty much. I don't believe Windows 10 Home comes with lusrmgr.msc (local users and groups) management - so you are kind of boned in this regard. Are you not able to access the remote location by using the username of <domain>\<user> or <user>@<domain.tld> with the appropriate password? You should still be able to authenticate a remote host with domain credentials even if you aren't on the domain. However, if you are on a domain machine accessing a remote host, you need to just have username with password available.

For the other questions - I am not well versed in Microsoft cloud designs, but it may depend on which identity-type you are using with Azure AD and O365.

I don't want to lead you down the incorrect path, so hopefully a more experienced Azure user can respond to that.
 
I highly recommend you set up a very basic AD in Azure. Do it right now so as the company grows you will not screw yourself.
 
as long as you provide the local credentials on the domain machine, you're fine...

some bad advice in this thread

but using a pin or microsoft hello or whatever is just your login method

the underlying credentials (username/pw) need to be used... if that means disabling those new logon methods that may be what's needed....

although i imagine you could just create a new user with the appropriate permissions separate from your normal login user if you reeeeally wanted to retain that functionality
 
some bad advice in this thread

I'm always up for learning where I made a mistake, if any. Can you elaborate which advice in this thread is bad? I don't think it's fair to just make that statement without clarifying for the OP or any others that may read this thread.
 
well, you don't need matching credentials on each machine.... you just need to provide the credentials when asked...

the domain OR local credentials can be stored in the credential store

the OP just needs to ... probably go ahead and disable the sharing wizard and check a few guides on how to do file sharing the good old fashioned way (not homegroups or whatever)

there aren't any issues with domain machines accessing shares on unjoined machines and vice versa, just need to get the credentials right.... sharing with permissions for sally on computer1? provide the password for "computer1\sally" from computer2, be logged in as whoever you want
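
What the reply above describes (supplying the `computer1\sally` credentials from the other machine, optionally saved in the credential store), as an added PowerShell example that is not part of the original post. The computer, share and account names are hypothetical placeholders, and the account is assumed to be a dedicated local user that only has rights on the share.

```powershell
# Added example. Hypothetical names (not from the thread): replace with your own.
$Server    = 'COMPUTER1'   # workgroup PC that hosts the database file
$ShareName = 'Database'    # share created on that PC
$LocalUser = 'sally'       # local account on COMPUTER1 with share + NTFS rights

$Root     = "\\$Server\$ShareName"
# Qualify the user with the remote computer name so the logon is checked
# against COMPUTER1's local accounts, not the Azure AD identity you are
# signed in with on this laptop.
$UserName = "$Server\$LocalUser"

# 1. A successful ping does not prove file sharing works; SMB needs TCP 445.
if (-not (Test-NetConnection -ComputerName $Server -Port 445 -InformationLevel Quiet)) {
    throw "$Server is not accepting SMB connections on TCP 445 (check firewall / file sharing)."
}

# 2. Prompt for the password of the local account. The Windows Hello PIN is
#    only a local sign-in method and is not valid here.
$Cred = Get-Credential -UserName $UserName -Message "Password for the local account on $Server"

# 3. Map the share with those explicit credentials.
New-PSDrive -Name 'Z' -PSProvider FileSystem -Root $Root `
    -Credential $Cred -Persist -Scope Global | Out-Null

# 4. Confirm which identity the SMB session is actually using.
Get-SmbConnection -ServerName $Server |
    Select-Object ServerName, ShareName, UserName, Dialect

# 5. Optional: save the credential in Credential Manager so reconnecting
#    does not prompt again. /pass with no value makes cmdkey ask for the
#    password instead of leaving it in command history.
cmdkey "/add:$Server" "/user:$UserName" /pass
```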
 
Moving to centralized management is a good idea. It means you, or the help desk, can provide assistance without asking the user for their password or having them type it in. It also means you can push things like printer install via GPO.

Depending on the company, large or small, you may have compliance requirements. Be it NIST, PCI-DSS, or SOX (probably not SOX I know, but my point holds), you'll want to make sure you're compliant at the start of any new enterprise system you roll out. LDAP is a big audit area, so that puts pressure on you to make sure your AD is well thought out and compliant. But also that it stays well maintained. Right now, your biggest concern should be any domain admin account(s) you create. How do you plan to share those? How will you know if and when someone is using or has used, and trace a shared account back to an individual? Again, right now that might always be you, but it's important to start putting systems in place now for future expandability.
 
well, you don't need matching credentials on each machine.... you just need to provide the credentials when asked...

the domain OR local credentials can be stored in the credential store

the OP just needs to ... probably go ahead and disable the sharing wizard and check a few guides on how to do file sharing the good old fashioned way (not homegroups or whatever)

there aren't any issues with domain machines accessing shares on unjoined machines and vice versa, just need to get the credentials right.... sharing with permissions for sally on computer1? provide the password for "computer1\sally" from computer2, be logged in as whoever you want

That was mostly what I said, perhaps only a little different. I stated that in order to access a remote host, you need to have the credentials. You only need to have exact matching credentials to bypass the auth challenge.
 