| Group |
User/ Session |
Description |
| Administrators |
|
A built-in group . After the initial
installation of the operating system, the only member of the group is
the Administrator account. When a computer joins a domain, the Domain
Admins group is added to the Administrators group. When a server
becomes a domain controller, the Enterprise Admins group also is added
to the Administrators group. The Administrators group has built-in
capabilities that give its members full control over the system. The
group is the default owner of any object that is created by a member of
the group. |
| Backup Operators |
|
A built-in group. By default, the
group has no members. Backup Operators can back up and restore all
files on a computer, regardless of the permissions that protect those
files. Backup Operators also can log on to the computer and shut it
down. |
| Domain Admins |
|
A global group whose members are
authorized to administer the domain. By default, the Domain Admins
group is a member of the Administrators group on all computers that
have joined a domain, including the domain controllers. Domain Admins
is the default owner of any object that is created in the domain's
Active Directory by any member of the group. If members of the group
create other objects, such as files, the default owner is the
Administrators group. |
| Domain Computers |
|
A global group that includes all
computers that have joined the domain, excluding domain controllers. |
| Domain Controllers |
|
A global group that includes all domain
controllers in the domain. New domain controllers are added to this
group automatically. |
| Domain Guests |
|
A global group that, by default, has
only one member, the domain's built-in Guest account. |
| Domain Users |
|
A global group that, by default,
includes all user accounts in a domain. When you create a user account
in a domain, it is added to this group automatically. |
| Enterprise Admins |
|
A group that exists only in the root
domain of an Active Directory forest of domains. It is a universal
group if the domain is in native mode, a global group if the domain is
in mixed mode. The group is authorized to make forest-wide changes in
Active Directory, such as adding child domains. By default, the only
member of the group is the Administrator account for the forest root
domain. |
| Power Users |
|
A built-in group. By default, the group
has no members. This group does not exist on domain controllers. Power
Users can create local users and groups; modify and delete accounts
that they have created; and remove users from the Power Users, Users,
and Guests groups. Power Users also can install most applications;
create, manage, and delete local printers; and create and delete file
shares. |
| Pre-Windows 2000 Compatible Access |
|
A backward compatibility group which
allows read access on all users and groups in the domain |
| Print Operators |
|
A built-in group that exists only on
domain controllers. By default, the only member is the Domain Users
group. Print Operators can manage printers and document queues. |
| RAS and IAS Servers |
|
A domain local group . By default, this
group has no members. Computers that are running the Routing and Remote
Access service are added to the group automatically. Members of this
group have access to certain properties of User objects, such as Read
Account Restrictions, Read Logon Information, and Read Remote Access
Information. |
| Remote Desktop Users |
|
XP - Members in this group are granted
the right to logon remotely |
