6.2 Computer Accounts
Computer accounts are created for all Windows NT, Windows 2000, Windows XP, and Windows Server
2003 computers in a domain. Computers running Windows 3.x, Windows 9x, or Windows ME do not have
computer accounts and cannot be members of a domain, although a user who has an account in the domain
can use it to log on to the domain. Computer accounts provide a means for authenticating and auditing
computer access to the network and to domain resources.
A computer account must be created in Active Directory for users to take full advantage of Active Directory
features. When a computer account is created, the computer can use advanced authentication processes such
as Kerberos authentication and IP security (IPSec) to encrypt IP traffic. The computer also needs a computer
account to dictate how auditing is applied and recorded. In addition, a user must have a valid user account,
and the user must also log on to the domain from a computer that has a valid computer account to be fully
authenticated by Active Directory.