A local computer is a computer joined to Active Directory without being part of its deeper management structures. More generally, local computer is a networking term for any computer or device that is managed on its own terms, separate from a centralized directory service such as Active Directory.
Within Active Directory, this situation can come about for a variety of reasons.
The device might not have been enrolled in Active Directory yet because an employee has sneaked it into the company without telling anyone, or it might belong to a third party (maybe you allow BYOD).
If the device belongs to a third party, basic access to the network can be allowed through a guest account with limited privileges or a temporary account offering a greater level of access.
The definition of a Windows device should be simple: it’s any computer running the Microsoft Windows operating system.
Unfortunately, given the sheer number of Windows versions that have accumulated over the centuries, the term can refer to a lot of different things. For example, you could be referring to Windows 10, Windows 11, Windows 8, Windows 7 or even the zombie of the family, Windows XP. And that’s before considering the equivalent versions of Windows Server for each of these incarnations.
In reality, a Windows device is anything Microsoft calls a Windows device, which technically means a version of Windows the company still supports.
Active Directory endpoints
Taken broadly, the term endpoint refers to any device which can be connected to a local area TCP/IP network or WAN.
For many years, the only endpoints were PCs, and the term was rarely used. The rapid expansion of device types in the early 2000s – mobile, Internet of Things (IoT), and virtualized devices – led to the adoption of the more general term ‘endpoint’ which reflected the fact that a huge range of physical and virtual devices could now be connected to a network.
In Active Directory, an endpoint is simply any device represented within the directory service which can authenticate itself. Historically, the rapid expansion of the different types of endpoint has been a big driver for Active Directory.
Managing LAN devices and their users was challenging when they were only PCs; trying to do this while accommodating mobile, IoT, and remote services without a centralized directory service would be viewed today as a non-starter.