  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 970

"Domain Controller Builtin\Administrator" VS "Domain Administrator" - what's the difference

Hi All,

I work in a single domain environment.

What's the difference between the built-in Domain Controller "Builtin\Administrator" and the "Domain Administrator" group?

The reason I ask is we have a lot of users in the "Builtin\Administrator" group on the DC.

Thanks
Asked by: detox1978
mikeleebrla Commented:
EXACTLY where are you seeing the builtin\administrator group?
I'm not sure where the "domain administrator" group you are talking about comes from either, b/c in my domain all of the built-in groups are called "xxx Admins" without the word administrator spelled out. This domain has been upgraded from NT4, to 2000, to 2003, so that might be why though.

Pber (Solutions Architect) Commented:
For a file server, the built-in Administrators group has all the admin permissions, and by default when it is added to the domain, Domain Admins gets added to the local Administrators.

For the case of AD, the built-in Administrators group pretty much has all the local permissions to AD, and by default the Domain Admins group is a member of the built-in Administrators. Domain Admins\Enterprise Admins\Schema Admins are given additional permissions to the directory that being a member of the built-in Administrators won't give you. Also, being in Domain Admins by default gives you admin access to all member machines (desktops\servers).

So essentially,

Members of the built-in Administrators can do almost anything to AD user/group/computer objects, but they won't have access to the file servers or desktops. However, they can add themselves to the Domain Admins group and have access to all computers in the domain.



mikeleebrla Commented:
If you are seeing "builtin\administrators" on NTFS permissions (the Security tab on the properties of a file/folder) then that is the LOCAL admin group. The domain admin group is a DOMAIN administrator group. These are two completely different groups.

>>The reason I ask is we have a lot of users in "Builtin\Administrator" group on the DC
This is what confuses me and why I asked that you explain EXACTLY where you saw this, b/c on a DC, there is no such thing as a local group.

detox1978 (Author) Commented:
Thanks Pber, that was what I thought, but wanted it confirmed.

mikeleebrla, it's in the "Builtin" OU.
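
An added example, not part of the thread: a PowerShell audit that lists accounts that are effective members of the domain's Builtin\Administrators group but not of Domain Admins, which is the population the question is about. The live query assumes the ActiveDirectory (RSAT) module; the function name `Get-BuiltinOnlyAdmin`, the `$UseLiveAD` switch and the sample accounts and SIDs are constructed for illustration.

```powershell
# Added example (not from the thread). Function name and sample data are constructed.
function Get-BuiltinOnlyAdmin {
    param(
        # Effective (flattened) members of Builtin\Administrators
        [Parameter(Mandatory)] [object[]] $BuiltinAdministrators,
        # Effective (flattened) members of Domain Admins
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $DomainAdmins
    )
    # Compare on SID rather than name, so renamed accounts still match.
    $daSids = @($DomainAdmins | ForEach-Object { "$($_.SID)" })
    $BuiltinAdministrators |
        Where-Object { $daSids -notcontains "$($_.SID)" } |
        Sort-Object -Property SamAccountName -Unique
}

$UseLiveAD = $false   # set to $true on a domain-joined host with RSAT installed

if ($UseLiveAD) {
    Import-Module ActiveDirectory
    # -Recursive flattens nested groups, so Domain Admins nested inside
    # Builtin\Administrators is expanded to its individual accounts.
    $builtin = Get-ADGroupMember -Identity 'Administrators' -Recursive
    $da      = Get-ADGroupMember -Identity 'Domain Admins'  -Recursive
} else {
    # Constructed sample: two Domain Admins, plus two accounts that were
    # added directly to Builtin\Administrators.
    $dom = 'S-1-5-21-1111111111-2222222222-3333333333'
    $da = @(
        [pscustomobject]@{ SamAccountName = 'Administrator'; SID = "$dom-500" }
        [pscustomobject]@{ SamAccountName = 'adm-alice';     SID = "$dom-1104" }
    )
    $builtin = $da + @(
        [pscustomobject]@{ SamAccountName = 'bob';        SID = "$dom-1121" }
        [pscustomobject]@{ SamAccountName = 'svc-backup'; SID = "$dom-1130" }
    )
}

# Accounts listed here hold Builtin\Administrators rights without being Domain Admins.
Get-BuiltinOnlyAdmin -BuiltinAdministrators $builtin -DomainAdmins $da |
    Select-Object SamAccountName, SID |
    Format-Table -AutoSize
```

Given Pber's point that members of the built-in Administrators can add themselves to Domain Admins, the accounts this lists are worth reviewing with the same care as Domain Admins members.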