mutec1
asked on
User setup on a windows 2003 server
How are users setup on a windows 2003 server? Are they added into groups? How do user profiles work on a widows 2003 server?
Lee W, MVP
How is your server setup? A domain or workgroup?
ASKER
Domain
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Not sure how groups are setup and how users are added to those groups.
In the future if you provide a context in the question and details you could have answers faster.
ASKER
Thanks
Once Windows Server 2003 is installed and promoted to a domain controller several default domain local groups are created. Each of the groups are automatically assigned certain rights and adding a user to one of these built in groups will give them the right to perform specific tasks. You can use these default groups or you can create new ones based on your administrative model and practices. If you do add a user to one of these groups, make sure to review the rights assigned to them before hand to ensure you aren’t giving a user more administrative power than they need.
The default domain local groups within the Built-in container are described below.
Account Operators: Members of the account operators group can create, modify, and delete user, group and computer accounts with the exception of those accounts located within the Built-in folder and the Domain Controllers OU.
Administrators: Members of this group have full control within the domain.
Backup Operators: Members of this group can backup and restore data on all domain controllers within the domain.
Guests: Members of this group have limited access to the network.
Incoming Forest Trust Builders: Members of this group have the right to create one-way incoming trusts to the domain.
Network Configuration Operators: Members of this group can make changes to TCP/IP settings on all domain controllers within the domain.
Performance Log Users: Members of this group have access to schedule logging of performance counters on all domain controllers within the domain.
Performance Monitor Users: Members of this group have the right to monitor domain controllers.
Pre-Windows Compatible Access: This group if for backwards compatibility with Windows NT 4.0. Members of this group have read access on all user and group accounts within the domain.
Print Operators: Members are permitted to administer all domain printers.
Remote Desktop Users: Members have the right to remotely logon to domain controllers.
Replicator: This group is used by the file replication service to support directory replication.
Server Operators: Members of this group have the right to administer servers within the domain. They can perform tasks such as backup and restore data, log on locally, stop and start network services, format hard drives, and shut down the system.
Users: Members of this group have limited ability within a domain.
References:
http://support.microsoft.com/kb/816302/
http://technet2.microsoft.com/WindowsServer/en/library/f6e01e51-14ea-48f4-97fc-5288a9a4a9b11033.mspx?pf=true
The default domain local groups within the Built-in container are described below.
Account Operators: Members of the account operators group can create, modify, and delete user, group and computer accounts with the exception of those accounts located within the Built-in folder and the Domain Controllers OU.
Administrators: Members of this group have full control within the domain.
Backup Operators: Members of this group can backup and restore data on all domain controllers within the domain.
Guests: Members of this group have limited access to the network.
Incoming Forest Trust Builders: Members of this group have the right to create one-way incoming trusts to the domain.
Network Configuration Operators: Members of this group can make changes to TCP/IP settings on all domain controllers within the domain.
Performance Log Users: Members of this group have access to schedule logging of performance counters on all domain controllers within the domain.
Performance Monitor Users: Members of this group have the right to monitor domain controllers.
Pre-Windows Compatible Access: This group if for backwards compatibility with Windows NT 4.0. Members of this group have read access on all user and group accounts within the domain.
Print Operators: Members are permitted to administer all domain printers.
Remote Desktop Users: Members have the right to remotely logon to domain controllers.
Replicator: This group is used by the file replication service to support directory replication.
Server Operators: Members of this group have the right to administer servers within the domain. They can perform tasks such as backup and restore data, log on locally, stop and start network services, format hard drives, and shut down the system.
Users: Members of this group have limited ability within a domain.
References:
http://support.microsoft.com/kb/816302/
http://technet2.microsoft.com/WindowsServer/en/library/f6e01e51-14ea-48f4-97fc-5288a9a4a9b11033.mspx?pf=true