When you install Windows NT, it allows you to create two administrator usernames:
The user may logon to the local machine, or when the machine is installed in a Windows NT Advanced Server Domain, the user may logon to the Domain. DB2 for Windows NT supports both of these options. To authenticate the user, DB2 checks the local machine first, then the Domain Controller for the current Domain, and finally any Trusted Domains known to the Domain Controller.
To illustrate how this works, suppose that the DB2 instance requires Server
authentication. The configuration is as follows:
Each machine has a security database, Security Access Management (SAM), unless a client machine is running Windows 95. Windows 95 machines do not have a SAM database. DC1 is the domain controller, in which the client machine, Ivan, and the DB2 for Windows NT server, Servr, are enrolled. TDC2 is a trusted domain for DC1 and the client machine, Abdul, is a member of TDC2's domain.