Active Directory 2008: Default Local Groups…

A local group is created and available only on a local, single computer. Windows creates default local groups automatically during installation. These groups have default rights, permissions, and group memberships. You can rename these groups, but cannot delete them. Some default groups are listed in the following table:

Group Description
Administrators Members of the Administrators   group have complete and unrestricted access to the computer, including every   system right. The group contains the Administrator user account (by default)   and any account designated as a computer administrator.
Backup Operators Members of the Backup Operators   group can back up and restore files (regardless of permissions), log on   locally, and shut down the system. However, members cannot change security   settings.
Users Members of the Users group:

  • Can use the computer but        cannot perform system administration tasks and might not be able to run        legacy applications.
  • Cannot share directories or        install printers if the driver is not yet installed.
  • Cannot view or modify system        files.

You should know the following about the Users group:

  • Any user created with Local        Users and Groups is automatically a member of this group.
  • User accounts designated as limited        use accounts are members of this group.
Power Users Members of the Power Users group   have no more user rights or permissions than a standard user account, by   default. For legacy applications requiring the same Power User rights and   permissions that were present in previous versions of Windows, administrators   can apply a security template that enables the Power Users group to assume   the same rights and permissions present in previous versions of Windows.
Guests Members of the Guests group have   limited rights (similar to members of the Users group), such as shutting down   the system. Members of the Guests group have a temporary profile created at   log on, that is then deleted when the member logs off.

Note: Additional groups, such as Network Configuration Operators and Replicator, also exist. Additionally, many features or applications may create default groups. In most cases, you should not modify the membership or privileges of these groups without understanding how they are used.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s