Administrative powers

Hi everyone,

My supervisor asked me to find some information on this O/S (win2k) about Administrative powers. The question was this. "What kind of extra privileges do Local Adminstrators have over regular users in Win2k"
I've looked all over the MS site but i never found any sort of list. Much appreciated if someone could give me a list of the Admin powers over regular users or a link to something of this sort.

Thanks in advance
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MikagamiAuthor Commented:
How does this work?

okay. on a win2k system one way to see a list would be to go to:

start->programs->administrative tools->local security policy-> local policies -> user rights assignment

however, if you do not have administrative "powers" you may not be able to do so.

this should provide what you are looking for.

Here is the list of rights for the Administrators group:

Administrators Group - has full permissions and privileges. Assign users to the Administrators group with caution.
Install the operating system
Install and configure hardware device drivers
Install system services
Install service packs, hot fixes, and Windows updates
Upgrade the operating system
Repair the operating system
Install applications that modify the Windows system files
Configure password policies
Configure audit policies
Manage security logs
Create administrative shares
Create administrative accounts
Modify groups and accounts that have been created by other users
Remotely access the Registry
Stop or start any service
Configure services
Increase and manage disk quotas
Increase and mnage execution policies
Remotely shut down the system
Assign and manage user rights
Reenable locked-out and disabled accounts
Manage disk properties, including formatting hard drives
Modify systemwide environment variables
Access any data on the computer
Back up and restore all data

Hope this helps!


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Here is the rest to compare with:

Guests Group - has limited access to the computer. Members of this group can't change their desktop setup, and you normally must grant them explicit rights to do just about anything productive.
Users Group (also called restricted users - have very limited system acces. By default, all users who have been created on the computer, except Guest, are member of the Users local group.
Can run "certified" Windows 2000 applications, but may not provide sufficient rights and access permission to run some "legecy" indows NT 4.0 applications
Can't share folders (that is, designate them to be shared)
Can't install programs for use by other Users
Can't modify system wide settings, whether in the operating system, the registry, or applications
Users can't create local printers

Power Users (sometimes refered to as standard users - has fewer rights than the Administrators group, but more rights than the Users group.
Can create local user accounts and groups and offer resources for sharing across the network
Can modify the users and groups they they have created
Can create, manage and delete local printers
Can modify the system clock
Can install applications, as long as the applications don't install operating system services or modify operating system files
Can stop and start system services s long as they services don't start automatically
Can remove users from the Guests, Users and Power Users groups
Can't modify or delete user accounts that they did not create
Can't modify membership in the Administrators or Backup Operators groups
Can't take ownership of files

Backup Operators Group - members of the backup operators group have permissions to back up and restore the file system, even if they file system is NTFS and they do not have assigned permissions to access the file system. However, the members of this group can only access the file system through the Backup utility. There are no default members of the Backup Operators local group.

Replicator Group - is intended to support replication, which is a feature used by domain servers. Only domain users who will start the replication service should be assigned to this group. The Replicator local group has no default members.

MikagamiAuthor Commented:
Awesome, great list. I was also wondering if these facts hold true for WinNT? And what would be the difference between an admin share and admin account compared to each other and than compared to the power user account.

thanks again.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.