Logging in to Windows based computers... Why it sometimes can be difficult.

Frank Koshere By Frank Koshere - September 26th, 2017
Posts 1    Views 134    Like 0

I have seen a lot of end users struggle with logins. Because of this, I decided to post a blog that describes the concept of logging in, (authenticating) to a windows operating system based computer. These concepts apply to other systems as well, but here I will specifically talk about the domain portion of the login, which is what throws users of the most, based on my experience. 
Computers are like people in the sense that they are unlikely to do anything for you unless they know you. Therefore, every time a person logs in to a windows operating system, there are three pieces of information that the computer needs to have, in order to successfully authenticate (log in) the user (authentication is proving you are who you say you are). Those three pieces of information are:
1. the domain that the user account exists within2. the username3. the password
The format that this info is entered in, typically looks like this for a computer that is not part of an office domain:Username: myusername@mycomputernamePassword: mypassword
Here are some examples (in the first example, Trishes-Desktop is the domain name):Username: Trish@Trishes-DesktopPassword: Spot9248
The domain/username combination can also be entered like this (in this case, Georges-Laptop is the domain name):Username: Georges-Laptop\GeorgePassword: George022485   (if that is his real birthday, that's not a good password... btw)
"But Wait!" you say. "I don't have to enter all that when I log in to my laptop. I just enter a password." You are correct, and so am I. 
Let's say you have a laptop and you are the only one who uses it (a pretty common scenario). In this case, the computer already knows the domain, because there are no domain options. The domain, is simply, your laptop. Any user accounts used for logging in to that laptop will obviously be found in the laptop's domain. So, you don't get prompted for the domain, because the computer already knows it. The domain name for any computer that is not joined to an office domain (active directory domain services domain), is always the actual computer name. 
And, because you are the only one who uses the laptop, there are no other user accounts set up on the laptop. Therefore, the computer already knows your username too. All you enter is your password. 
Now, let's complicate it a bit. This is where users' get lost. Let's say you have a work laptop, that you are going to use to VPN in to your office computer, or to access some files that are on it. You turn it on and you enter you work computer username and password, and you get denied. You say "I entered my username and password and it won't let me in!" In this case, the computer may or may not be joined to an office domain. As mentioned earlier, a domain is essentially a database of user info, within a window computer, and the computer needs to know which domain (if multiple domains exist) it will find the username/password info in, that you are specifying. There are two types of domains:
1. local domain2. active directory domain services domain  (office domain)
So let's say the laptop IS joined to an office domain, and the credentials you were given to log, on are those of an office domain. In that case you need to know the name of the office domain, because there are now TWO domains available to the laptop; the name of the laptop itself is one of the domains, and the office domain is the other. Because you are using an office domain user account, you need to specify the office domain, when logging in. The first time you tried, you entered a username and password, and even though that information was correct, you were denied access because the computer was looking in the wrong domain for the information you specified. By default, the laptop will look at it's internal domain (computer name). So, you find out what your office domain is and then you place that in front of your username as in the example below, and WA LA!! you're in!
Username: OfficeDomainName.local\workusername    OR   workusername@OfficeDomainName.local   (either one gives the same info to the computer)Password: workpassword
Now there are some variations to this information that I won't go in to, such as "What if you have never logged in to that laptop before with your office domain account username and password?" There is a little more to this overall, but the lack of understanding, regarding the fact that widows based computers are always using domain name info when logging in, is the point I wanted to get across. Often times a username and password will not be enough, if the computer is looking to the wrong domain. In those cases, understanding that it needs the correct domain too, will save you time and frustration. 
And once last thing... the domains mentioned here are completely different than internet domain names such as "google.com" or "att.com". That is another blog for another day.