Configuring Network Integration Features : Domain and local workgroup settings
  
Domain and local workgroup settings
You can choose between two user authentication modes: domain or local workgroup. Creating a local workgroup eliminates the need to join a Windows domain and simplifies the configuration process, but a workgroup does not support SMB signing, MAPI 2007 encrypted traffic optimization authentication, or MAPI Exchange as a hosted service.
You can join a SteelHead to a domain in Active Directory 2008 integrated mode without administrator privileges. For details, go to Knowledge Base article S18097.
In Domain mode, you configure the SteelHead to join a Windows domain (typically, the domain of your company). When you configure the SteelHead to join a Windows domain, you do not have to manage local accounts in the branch office, as you do in Local Workgroup mode.
Domain mode allows a domain controller (DC) to authenticate users accessing its file shares. The DC can be located at the remote site or over the WAN at the main data center. The SteelHead must be configured as a Member Server or Active Directory integrated in the Windows 2000 or later Active Directory Services (ADS) domain. Domain users are allowed to use the Kerberos delegation trust facility and NTLM environments for MAPI 2007 encryption or SMB signing based on the access permission settings provided for each user.
In RiOS 9.0, the support for one-way trusts includes Windows 7 clients without requiring a registry change on the Windows 7 client. You must join the server-side SteelHead to the domain using the Active Directory integrated (Windows 2003/2008) mode. This mode allows the SteelHead to use authentication within the Active Directory environment on the Exchange servers that provide Microsoft Exchange online services. The domain that the server-side SteelHead joins must be either the same as the client user or any domain that trusts the domain of the client user.
Before enabling domain mode make sure that you:
configure the DNS server correctly. The configured DNS server must be the same DNS server to which all the Windows client computers point. To use SMB signing, the server-side SteelHead must be in DNS.
have a fully qualified domain name. This domain name must be the domain name for which all the Windows desktop computers are configured.
In Local Workgroup mode, you define a workgroup and add individual users that have access to the SteelHead. The SteelHead does not join a Windows domain.
Use Local Workgroup mode in environments where you do not want the SteelHead to be a part of a Windows domain. Creating a workgroup eliminates the need to join a Windows domain and simplifies the configuration process.
If you use Local Workgroup mode you must manage the accounts and permissions for the branch office on the SteelHead. The Local Workgroup account permissions might not match the permissions on the origin-file server.