Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Administrative powers

Posted on 2003-02-24
Medium Priority
Last Modified: 2010-08-05
Hi everyone,

My supervisor asked me to find some information on this O/S (win2k) about Administrative powers. The question was this. "What kind of extra privileges do Local Adminstrators have over regular users in Win2k"
I've looked all over the MS site but i never found any sort of list. Much appreciated if someone could give me a list of the Admin powers over regular users or a link to something of this sort.

Thanks in advance
Question by:Mikagami
  • 2
  • 2

Author Comment

ID: 8012081
How does this work?

Expert Comment

ID: 8012293

okay. on a win2k system one way to see a list would be to go to:

start->programs->administrative tools->local security policy-> local policies -> user rights assignment

however, if you do not have administrative "powers" you may not be able to do so.

this should provide what you are looking for.


Accepted Solution

burneweb earned 320 total points
ID: 8012400
Here is the list of rights for the Administrators group:

Administrators Group - has full permissions and privileges. Assign users to the Administrators group with caution.
Install the operating system
Install and configure hardware device drivers
Install system services
Install service packs, hot fixes, and Windows updates
Upgrade the operating system
Repair the operating system
Install applications that modify the Windows system files
Configure password policies
Configure audit policies
Manage security logs
Create administrative shares
Create administrative accounts
Modify groups and accounts that have been created by other users
Remotely access the Registry
Stop or start any service
Configure services
Increase and manage disk quotas
Increase and mnage execution policies
Remotely shut down the system
Assign and manage user rights
Reenable locked-out and disabled accounts
Manage disk properties, including formatting hard drives
Modify systemwide environment variables
Access any data on the computer
Back up and restore all data

Hope this helps!


Expert Comment

ID: 8012413
Here is the rest to compare with:

Guests Group - has limited access to the computer. Members of this group can't change their desktop setup, and you normally must grant them explicit rights to do just about anything productive.
Users Group (also called restricted users - have very limited system acces. By default, all users who have been created on the computer, except Guest, are member of the Users local group.
Can run "certified" Windows 2000 applications, but may not provide sufficient rights and access permission to run some "legecy" indows NT 4.0 applications
Can't share folders (that is, designate them to be shared)
Can't install programs for use by other Users
Can't modify system wide settings, whether in the operating system, the registry, or applications
Users can't create local printers

Power Users (sometimes refered to as standard users - has fewer rights than the Administrators group, but more rights than the Users group.
Can create local user accounts and groups and offer resources for sharing across the network
Can modify the users and groups they they have created
Can create, manage and delete local printers
Can modify the system clock
Can install applications, as long as the applications don't install operating system services or modify operating system files
Can stop and start system services s long as they services don't start automatically
Can remove users from the Guests, Users and Power Users groups
Can't modify or delete user accounts that they did not create
Can't modify membership in the Administrators or Backup Operators groups
Can't take ownership of files

Backup Operators Group - members of the backup operators group have permissions to back up and restore the file system, even if they file system is NTFS and they do not have assigned permissions to access the file system. However, the members of this group can only access the file system through the Backup utility. There are no default members of the Backup Operators local group.

Replicator Group - is intended to support replication, which is a feature used by domain servers. Only domain users who will start the replication service should be assigned to this group. The Replicator local group has no default members.


Author Comment

ID: 8019340
Awesome, great list. I was also wondering if these facts hold true for WinNT? And what would be the difference between an admin share and admin account compared to each other and than compared to the power user account.

thanks again.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Ready to kick start your career in 2018? Add app developer skills to your resume. January’s Course of the Month features Android App Development training with hands-on learning.  Read on to learn why these skills are important.
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question