By binding AD accounts and computers separately, prohibiting local login and private domain logout, all computers can be forced to comply with the enterprise security policy, using specific AD accounts to log in to specific PCs. The security policy and management cover all Windows devices, integrating over 20 AD information and device information, and providing account usage records. AD module can detect files and it can detect duplicate SID events, generate privileged account login and logout records, and local account information, assist management personnel in discovering abnormal behavior, and control all devices that should be added to the AD domain.