I am setting up a domain controller and active directory at my job. I have everything working great (for the most part)... I have policies in place. I am getting a lot of static from the upper ups about this change, as they have had a DC/AD in the past and had all kinds of issues with it.
So with that said, our question would be: is there a way to run a DC/AD without having to use the domain users from the server to login and use the local PC user account?
In other words, I want to use the domain to handle only the policies for that computer and nothing else.
I'm hoping if I can take this step I will be able in the near future use it to its full potential.
Even though you have / will be implementing Active Directory, the workstations and member servers still retain their own local databases. In short, people can still use local accounts to login in locally.
The workstations will be domain joined and they will still process group policies regardless of whether people login with a domain or local account.
However, I wouldn't recommend this. Active Directory is going to allow you to centrally keep control of Security / Auditing / resource access etc. The benefits of a good AD deployment far outweigh any negatives. If your users are authenticating using local credentials it will just give extra work for you and make it difficult for them as the company grows.