AN OVERVIEW
Windows NT server maintains compatibility with servers running LAN manager while expanding and enhancing the LAN manager feature set. For example, Windows
NT server builds on the LAN Manager domain model but simplifies domain administration. Now there are only three types of servers instead of four servers. Instead of requiring an account for each domain, users can have a single network wide logon. Windows NT sever security features will be very familiar to LAN Manager users
because they build on those of LAN Manager.
DIFFERENCES IN DOMAIN ADMINISTRATION
Both LAN Manager and Windows NT Server use domains to centralize a user
account database and as an authentication mechanism. Under both systems, a domain is
a group of servers that share a common database of user and group accounts.However,
under Windows NT Server, user account database is called the security database. It
includes user accounts, group accounts, computer accounts, and security policies.
SERVERS AND CLIENTS
A Windows NT Server domain includes one Windows NT Server computer acting as
the primary domain controller.Additional Windows NT Server computers in the domain
function as backup domain controllers, and each of them can authenticate logon requests.
optionally, a windows NT server domain can also include server running LAN manager,
Windows NT workstation computers, and workstations such as those running windows for workgroups and MS-DOS.
GROUPS
Windows NT supports two types of groups: global and local. A global group can contain only users from the domain in which it was created but can appear in permission
lists in any domain that trusts that domain. A domain’s local groups can contain users and global groups from that domain, as well as users and global groups from trusted domains. However, a local group can be assigned with permissions and rights in its home domain.
TRUST RELATIONSHIPS
Windows NT Server trust relationships: links between domains that enable pass through authentication.Trust relationships permit user accounts and global groups to be used in domains other than the domain where these accounts are located. LAN manager servers can operate in windows NT Server domains and can recognize accounts from those domains. But servers running LAN Manager cannot participate in trust relationships; they are unable to recognize user accounts from trusted domains.
Result is that you can assign permissions to users from trusted domains on the Windows NT Server computers in a domain, but not on the servers running LAN Manager in that same domain.
