Administrative powers

Posted on 2003-02-24
Medium Priority
Last Modified: 2010-08-05
Hi everyone,

My supervisor asked me to find some information on this O/S (win2k) about Administrative powers. The question was this. "What kind of extra privileges do Local Adminstrators have over regular users in Win2k"
I've looked all over the MS site but i never found any sort of list. Much appreciated if someone could give me a list of the Admin powers over regular users or a link to something of this sort.

Thanks in advance
Question by:Mikagami
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Author Comment

ID: 8012081
How does this work?

Expert Comment

ID: 8012293

okay. on a win2k system one way to see a list would be to go to:

start->programs->administrative tools->local security policy-> local policies -> user rights assignment

however, if you do not have administrative "powers" you may not be able to do so.

this should provide what you are looking for.


Accepted Solution

burneweb earned 320 total points
ID: 8012400
Here is the list of rights for the Administrators group:

Administrators Group - has full permissions and privileges. Assign users to the Administrators group with caution.
Install the operating system
Install and configure hardware device drivers
Install system services
Install service packs, hot fixes, and Windows updates
Upgrade the operating system
Repair the operating system
Install applications that modify the Windows system files
Configure password policies
Configure audit policies
Manage security logs
Create administrative shares
Create administrative accounts
Modify groups and accounts that have been created by other users
Remotely access the Registry
Stop or start any service
Configure services
Increase and manage disk quotas
Increase and mnage execution policies
Remotely shut down the system
Assign and manage user rights
Reenable locked-out and disabled accounts
Manage disk properties, including formatting hard drives
Modify systemwide environment variables
Access any data on the computer
Back up and restore all data

Hope this helps!


Expert Comment

ID: 8012413
Here is the rest to compare with:

Guests Group - has limited access to the computer. Members of this group can't change their desktop setup, and you normally must grant them explicit rights to do just about anything productive.
Users Group (also called restricted users - have very limited system acces. By default, all users who have been created on the computer, except Guest, are member of the Users local group.
Can run "certified" Windows 2000 applications, but may not provide sufficient rights and access permission to run some "legecy" indows NT 4.0 applications
Can't share folders (that is, designate them to be shared)
Can't install programs for use by other Users
Can't modify system wide settings, whether in the operating system, the registry, or applications
Users can't create local printers

Power Users (sometimes refered to as standard users - has fewer rights than the Administrators group, but more rights than the Users group.
Can create local user accounts and groups and offer resources for sharing across the network
Can modify the users and groups they they have created
Can create, manage and delete local printers
Can modify the system clock
Can install applications, as long as the applications don't install operating system services or modify operating system files
Can stop and start system services s long as they services don't start automatically
Can remove users from the Guests, Users and Power Users groups
Can't modify or delete user accounts that they did not create
Can't modify membership in the Administrators or Backup Operators groups
Can't take ownership of files

Backup Operators Group - members of the backup operators group have permissions to back up and restore the file system, even if they file system is NTFS and they do not have assigned permissions to access the file system. However, the members of this group can only access the file system through the Backup utility. There are no default members of the Backup Operators local group.

Replicator Group - is intended to support replication, which is a feature used by domain servers. Only domain users who will start the replication service should be assigned to this group. The Replicator local group has no default members.


Author Comment

ID: 8019340
Awesome, great list. I was also wondering if these facts hold true for WinNT? And what would be the difference between an admin share and admin account compared to each other and than compared to the power user account.

thanks again.

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses
Course of the Month11 days, 22 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question