Mikagami
asked on
Administrative powers
Hi everyone,
My supervisor asked me to find some information on this O/S (win2k) about Administrative powers. The question was this. "What kind of extra privileges do Local Adminstrators have over regular users in Win2k"
I've looked all over the MS site but i never found any sort of list. Much appreciated if someone could give me a list of the Admin powers over regular users or a link to something of this sort.
Thanks in advance
My supervisor asked me to find some information on this O/S (win2k) about Administrative powers. The question was this. "What kind of extra privileges do Local Adminstrators have over regular users in Win2k"
I've looked all over the MS site but i never found any sort of list. Much appreciated if someone could give me a list of the Admin powers over regular users or a link to something of this sort.
Thanks in advance
ummm....
okay. on a win2k system one way to see a list would be to go to:
start->programs->administr
however, if you do not have administrative "powers" you may not be able to do so.
this should provide what you are looking for.
okay. on a win2k system one way to see a list would be to go to:
start->programs->administr
however, if you do not have administrative "powers" you may not be able to do so.
this should provide what you are looking for.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Here is the rest to compare with:
Guests Group - has limited access to the computer. Members of this group can't change their desktop setup, and you normally must grant them explicit rights to do just about anything productive.
Users Group (also called restricted users - have very limited system acces. By default, all users who have been created on the computer, except Guest, are member of the Users local group.
Can run "certified" Windows 2000 applications, but may not provide sufficient rights and access permission to run some "legecy" indows NT 4.0 applications
Can't share folders (that is, designate them to be shared)
Can't install programs for use by other Users
Can't modify system wide settings, whether in the operating system, the registry, or applications
Users can't create local printers
Power Users (sometimes refered to as standard users - has fewer rights than the Administrators group, but more rights than the Users group.
Can create local user accounts and groups and offer resources for sharing across the network
Can modify the users and groups they they have created
Can create, manage and delete local printers
Can modify the system clock
Can install applications, as long as the applications don't install operating system services or modify operating system files
Can stop and start system services s long as they services don't start automatically
Can remove users from the Guests, Users and Power Users groups
Can't modify or delete user accounts that they did not create
Can't modify membership in the Administrators or Backup Operators groups
Can't take ownership of files
Backup Operators Group - members of the backup operators group have permissions to back up and restore the file system, even if they file system is NTFS and they do not have assigned permissions to access the file system. However, the members of this group can only access the file system through the Backup utility. There are no default members of the Backup Operators local group.
Replicator Group - is intended to support replication, which is a feature used by domain servers. Only domain users who will start the replication service should be assigned to this group. The Replicator local group has no default members.
Burneweb
Guests Group - has limited access to the computer. Members of this group can't change their desktop setup, and you normally must grant them explicit rights to do just about anything productive.
Users Group (also called restricted users - have very limited system acces. By default, all users who have been created on the computer, except Guest, are member of the Users local group.
Can run "certified" Windows 2000 applications, but may not provide sufficient rights and access permission to run some "legecy" indows NT 4.0 applications
Can't share folders (that is, designate them to be shared)
Can't install programs for use by other Users
Can't modify system wide settings, whether in the operating system, the registry, or applications
Users can't create local printers
Power Users (sometimes refered to as standard users - has fewer rights than the Administrators group, but more rights than the Users group.
Can create local user accounts and groups and offer resources for sharing across the network
Can modify the users and groups they they have created
Can create, manage and delete local printers
Can modify the system clock
Can install applications, as long as the applications don't install operating system services or modify operating system files
Can stop and start system services s long as they services don't start automatically
Can remove users from the Guests, Users and Power Users groups
Can't modify or delete user accounts that they did not create
Can't modify membership in the Administrators or Backup Operators groups
Can't take ownership of files
Backup Operators Group - members of the backup operators group have permissions to back up and restore the file system, even if they file system is NTFS and they do not have assigned permissions to access the file system. However, the members of this group can only access the file system through the Backup utility. There are no default members of the Backup Operators local group.
Replicator Group - is intended to support replication, which is a feature used by domain servers. Only domain users who will start the replication service should be assigned to this group. The Replicator local group has no default members.
Burneweb
ASKER
Awesome, great list. I was also wondering if these facts hold true for WinNT? And what would be the difference between an admin share and admin account compared to each other and than compared to the power user account.
thanks again.
thanks again.
ASKER