Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

"Domain Controller Builtin\Administrator" VS "Domain Administrator" - whats the difference

Posted on 2006-10-24
4
Medium Priority
?
963 Views
Last Modified: 2008-02-07
Hi All,


I work in a single domain enviroment.


What's the difference between the builting Domain Controller "Builtin\Administrator" and the "Domain Administrator" group.


The reason i ask is we have a lot of users in "Builtin\Administrator" group on the DC


Thanks
0
Comment
Question by:detox1978
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17798998
EXACLY where are you seeing the builtin\administrator group?
i'm not sure where the "domain administrator" group you are talking about comes from either, b/c in my domain all of the built in groups are called "xxx Admins" without the word administrator spelled out.  This domain has been upgraded from NT4, to 2000 to 2003 so that might be why though.

0
 
LVL 26

Accepted Solution

by:
Pber earned 1500 total points
ID: 17799240
For a file server the built in Administrators group has all the admin permissions and by default when it is added to the domain, Domain Admins gets added to the Local Adminstrators.

For the case of AD, the Built in Administrators group pretty much all the local permission to AD and by default the Domain Admins group is a member of the built in administrators.  Domain Admins\enterprise admins\Schema Admins are given addition permissions to the directory that being a member of the built in administrators won't give you.  Also being in Domain Admins by default gives you admin access to all member machines (desktops\servers).

So essentially,

Members of the built in adminstrators, they can do almost anything to AD user/group/computer objects, But they won't have access to the file servers or desktops.  However, they can add themselves to the Domain Admins group and have access to all computers in the domain.



0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 17799346
if you are seeing the 'builting\administrators" on NTFS permissions (the security tab on the properties of a file/folder" then that is the LOCAL admin group.  The domain admin group is a DOMAIN administrator group.  these are two completely different groups.  

>>The reason i ask is we have a lot of users in "Builtin\Administrator" group on the DC
this is what confuses me and why i asked that you explain EXACLY where you saw this.  B/C on a DC, there is no such thing as a local group.

0
 
LVL 2

Author Comment

by:detox1978
ID: 17801718
Thanks Pber, that was what i thought, but wanted it confirmed.


mikeleebrla, mikeleebrla, its in the "Builtin" OU.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question