Learn AD in 15 Minutes a Week: Active Directory Groups Page 4

The most commonly used built-in local groups and their default properties are as follows:

  • Administrators: Members of the built-in Administrators local group are allowed by default to perform all administrative tasks on the computer. By default, the built-in Administrator user account for the computer is a member. When a member server or computer running Microsoft Windows 2000 Workstation joins a domain, Windows 2000 adds the Domain Admins predefined global group to the local Administrators group.
  • Backup Operators: Members of the built-in Backup Operators local group are allowed by default to use Windows Backup to back up and restore the local system.
  • Guests: Members of the built-in Guests local group are allowed by default to perform only tasks for which you have specifically granted rights and can access only resources for which you have assigned permissions; members cannot make permanent changes to their desktop environment. By default, the built-in Guest account for the computer is a member. When a member server or a computer running Windows 2000 Workstation joins a domain, Windows 2000 adds the Domain Guests predefined global group to the local Guests group.
  • Power Users: Members of the built-in Power Users local group are allowed by default to create and modify user accounts on the local system and share resources on the local system.
  • Replicator: This built-in local group supports directory replication functions. The only member should be a domain user account used to log on to the Replicator services of the domain controller. Do not add the accounts of actual users to this group.
  • Users: Members of the built-in Users local group are allowed by default to perform only tasks for which you have specifically granted rights and can access only resources for which you have assigned permissions. By default, Windows 2000 adds to the Users group local user accounts that you create on the computer. When a member server or a computer running Windows 2000 Professional joins a domain, Windows 2000 adds the Domain Users predefined global group to the local Users group.

Special identity groups do not have specific memberships that Administrators directly modify, but they represent different users at different times, depending on how a user accesses a given system or resource on that system. Special identity groups are not found in the Local Computers and Users or Active Directory Users and Computers MMC (Microsoft Management Console) snap-ins for direct administration, but these groups are available for use when you assign rights and permissions to resources.

The most commonly used special identity groups and their default properties are as follows:

  • Anonymous Logon: This special identity group includes any user account that Windows 2000 did not authenticate to the local system, such as an anonymous FTP user.
  • Authenticated Users: This special identity group includes all users with a valid user account on the computer or in Active Directory service. Use the Authenticated Users group instead of the Everyone group to prevent anonymous access to a resource.
  • Creator Owner: This special identity group includes the user account for the user who created or took ownership of a resource. If a member of the Administrators group creates a resource, the Administrators group is the owner of the resource.
  • Dialup: This special identity group includes any user who currently has a dial-up connection to the local system.
  • Everyone: This special identity group includes all users who access the computer. Be careful if you assign permissions to the Everyone group and enable the Guest account. Windows 2000 authenticates as Guest a user who does not have a valid user account. The user automatically gets all rights and permissions that you have assigned to the Everyone group. The Everyone group is assigned full control to many resources by default.
  • Interactive: This special identity group includes the user account for the user who is logged on at the local system console. Members of the Interactive group gain access to resources on the computer at which they are physically located.
  • Network: This special identity group includes any user with a current connection from another computer on the network to a shared resource on the computer.
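
The advice in the Everyone and Authenticated Users entries can be checked against real ACLs. The script below is an added example, not part of the original article: it lists allow entries granted to Everyone or Anonymous Logon under a folder tree and warns when the local Guest account is also enabled. The `$Root` parameter and the `Get-BroadAce` function name are assumptions made for this example, and `Get-LocalUser` requires Windows PowerShell 5.1 or later.

```powershell
# Added example (not from the article). Assumed parameter: -Root, the folder tree to audit.
param([string]$Root = $PWD.Path)

# Well-known SIDs, so the check does not depend on localized group names.
$broad = @{
    'S-1-1-0' = 'Everyone'
    'S-1-5-7' = 'Anonymous Logon'
}
$sidType = [System.Security.Principal.SecurityIdentifier]

function Get-BroadAce {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL on ${Path}: $($_.Exception.Message)"
        return
    }
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $broad.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $broad[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# The root folder plus every subfolder beneath it.
$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue)
$findings = @(foreach ($f in $folders) { Get-BroadAce -Path $f.FullName })
$findings | Sort-Object Path, Principal | Format-Table -AutoSize

# The built-in Guest account always has RID 501.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
if ($guest.Enabled -and $findings.Count -gt 0) {
    Write-Warning ("Guest is enabled and {0} ACE(s) grant access to Everyone or Anonymous Logon." -f $findings.Count)
}
```

Rows with `Inherited` set to `False` mark the folders where the grant was made directly; replacing Everyone with Authenticated Users there follows the article's recommendation.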

Well, that wraps up this section of ‘Learn Active Directory Design and Administration in 15 Minutes a Week.’

If you have any questions, comments or even constructive criticism, please feel free to drop me a note.

I want to write solid technical articles that appeal to a large range of readers and skill levels, and I can only be sure of that through your feedback.

Until next time, best of luck in your studies and remember,

“Clones are people two.”

Jason Zandri
Jason@Zandri.net
www.2000trainers.com
