Learnthat.com

Most Popular

Windows Server 2003 Default Groups

by Jeremy Reis on Monday, March 19, 2007

Using Default Groups

Microsoft Server 2003 has several built in groups which have predefined user rights. These groups are stored in two containers: Builtin and Users.

Groups in the Builtin Container:

Group	Description	Default User Rights
Account Operators	Account Operators can create, modify, and delete accounts for users, groups, and computers located in the containers and OUs - except for the Domain Controllers OU. Cannot modify the Administrators or Domain Admins group.	Allow log on locally; Shut down the system
Administrators	Full control of all domain controllers in the domain. The Domain Admins and Enterprise Admins are members of the Administrators group. The Administrator user account is a default member.	Access this computer from the network; Adjust memory quotas for a process; Back up files and directories; Bypass traverse checking; Change the system time; Create a pagefile; Debug programs; Enable computer and user accounts to be trusted for delegation; Force a shutdown from a remote system; Increase scheduling priority; Load and unload device drivers; Allow log on locally; Manage auditing and security log; Modify firmware environment values; Profile single process; Profile system performance; Remove computer from docking station; Restore files and directories; Shut down the system; Take ownership of files or other objects.
Backup Operators	Can back up and restore files on domain controllers on the domain. Can shut down domain controllers. No default members.	Back up files and directories; Allow log on locally; Restore files and directories; Shut down the system.
Guests	The Domain Guests group is a member of this group. The Guest account is also a default member.	No default user rights.
Incoming Forest Trust Builders (only appears in the forest root domain)	This group allows its members to create one-way incoming forest trusts to the forest root domain. No default members.	No default user rights.
Network Configuration Operators	Can make changes to TCP/IP settings and renew/release TCP/IP addresses on domain controllers. No default members.	No default user rights.
Performance Monitor Users	Can monitor performance counters on domain controllers.	No default user rights.
Performance Log Users	Can manage performance counters, logs, and alerts on domain controllers.	No default user rights.
Pre-Windows 2000 Compatible Access	Members of this group have read access on all users and groups in the domain. By default, Everyone is a member of this group. Used for users running Windows NT 4.0 or earlier.	Access this computer from the network; Bypass traverse checking.
Print Operators	Members of this group can manage, create, share, and delete printers connected to domain controllers. They can manage AD printer objects in the domain. No default members.	Allow log on locally; Shut down the system.
Remote Desktop Users	Members can remotely log on to domain controllers. No default members.	No default user rights.
Replicator	This group supports directory replication functions and is used by the File Replication service on domain controllers in the domain. No default members. Do not add users to this group.	No default user rights.
Server Operators	Members of this group can log on interactively to domain controllers, create and delete shared resources, start and stop some services, back up and restore files, format the hard drive, and shut down the computer. No default members.	Back up files and directories; Change the system time; Force shutdown from a remote system; Allow log on locally; Restore files and directories; Shut down the system.
Users	Members can perform common tasks - starting applications, using local and network printers, and locking the server. The Domain Users group, Authenticated Users, and Interactive are members of this group. Any user account created in the domain becomes a member of this group.	No default user rights.

Groups in the Users Container:

Group	Description	Default User Rights
Cert Publishers	Members of this group are permitted to publish certificates for users and computers.	No default user rights.
DNSAdmins	Installed with DNS. Members have administrative access to the DNS Server service. No default members.	No default user rights.
DNSUpdateProxy	Installed with DNS. Members of this group are DNS clients that perform dynamic updates on behalf of other clients, such as DHCP servers. No default members.	No default user rights.
Domain Admins	Members have full control of the domain. This group is a member of the Administrators group on all domain controllers, all domain workstations, and all domain member servers at the time they are joined to the domain. The Administrator account is a member of this group.	Access this computer from the network; Adjust memory quotas for a process; Back up files and directories; Bypass traverse checking; Change the system time; Create a pagefile; Debug programs; Enable computer and user accounts to be trusted for delegation; Force a shutdown from a remote system; Increase scheduling priority; Load and unload device drivers; Allow log on locally; Manage auditing and security log; Modify firmware environment values; Profile single process; Profile system performance; Remove computer from docking station; Restore files and directories; Shut down the system; Take ownership of files or other objects.
Domain Computers	Contains all workstations and servers joined to the domain. Any computer account created becomes a member of this group automatically.	No default user rights.
Domain Controllers	Contains all domain controllers in the domain.	No default user rights.
Domain Guests	All domain guests.	No default user rights.
Domain Users	All domain users. Any user account created in the domain becomes a member of this group automatically.	No default user rights.
Enterprise Admins	Only appears in the forest root domain. Full control of all domains in the forest. The Administrator account is a member of this group.
Group Policy Creator Owners	Can modify Group Policy in the domain. The Administrator account is a default member.	No default user rights.
IIS_WPG	Installed with IIS. The Internet Information Services (IIS) 6.0 worker process group. No default members.	No default user rights.
RAS and IAS Servers	Servers in this group are permitted access to the remote access properties of users.	No default user rights.
Schema Admins	Only appears in the forest root domain. Members can modify Active Directory schema. Administrator account is a default member.	No default user rights.

Page 40 of 42

Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | Next Page

Comments

Rate This Post:

MCSE Course

its good for those peoples wich use internet and have not resourses for go to school or college. it esiy to learn so i m thank full to learnthat.com

saifyno1, Monday, January 07, 2008

80 out of 137 people found this comment informative.

Rate This Post:

for improvment

i want to se tht how am in able to get improved tht

Anonymous, Tuesday, January 22, 2008

79 out of 152 people found this comment informative.

Rate This Post:

Superb!!!!

Awsome study resources. Thank you very much Learn that TEAM.

Anonymous, Sunday, March 30, 2008

54 out of 94 people found this comment informative.

Rate This Post:

I Love Learn Thant !!!

Great job, Great help & Support for the netizens.
Thankyou very much ..

vkspillai, Sunday, March 30, 2008

54 out of 101 people found this comment informative.

Rate This Post:

this is perfect pls go for it

i used it and it worked for me.

Anonymous, Saturday, April 19, 2008

47 out of 88 people found this comment informative.

Rate This Post:

Great but will it really leads to some certification

great work...Mind blowing effort

Anonymous, Wednesday, May 28, 2008

33 out of 61 people found this comment informative.

Rate This Post:

kitti

its good for freshers who want to know about the concepts of fundmentals

Anonymous, Sunday, June 01, 2008

29 out of 59 people found this comment informative.

Rate This Post:

amazing

this tutorial is absolutely very good experince

Anonymous, Friday, June 06, 2008

30 out of 59 people found this comment informative.

Rate This Post:

good learn

its very good to learn about windoos 2003

Anonymous, Wednesday, September 10, 2008

11 out of 20 people found this comment informative.

Rate This Post:

Great articles

Its easy to understand the concepts through learnthat..
wonderful

Anonymous, Saturday, September 27, 2008

5 out of 8 people found this comment informative.

Rate This Post:

Nice

It's a nice article, easy to understand and use in practice.

Anonymous, Monday, September 29, 2008

4 out of 7 people found this comment informative.

Add a Comment to This Article

Comment Title:

Username:

Anonymous (Please Login to Post With Your Account)

Your Comment:

By posting a comment on this site, you agree to the following terms and conditions: 1. You are not promoting any commercial entity through this post. 2. You are the original author of this comment and heretoafter license That Network to use this post in any form it sees fit, electronic or otherwise. 3. You grant an exclusive worldwide license to That Network for this comment or post.
HTML not permitted, some code allowed in [brackets]:
[b]bold[/b] , [i]italicized[/i], [br] line break, other formatting...