User and user group description for Windows

1. Basic User Group

Administrators

Users who belong to the Administators local group have the privileges of the system administrator, who have the greatest control over the computer and can perform administrative tasks for the entire computer. The built-in System administrator account Administrator is a member of the local group and cannot be removed from the group.

If this computer is joined to a domain, Domain Admins of the domains are automatically added to the computer's Administrators group. In other words, the system administrator on the domain also has the privileges of the system administrator on this machine.

Backup OPerators

Members within the group, whether or not they have access to folders or files on this computer, can back up and restore these folders and files through the start-All Programs-attachments-System Tools-backup path.

Guests

This group is available to users who do not have a user account but need access to resources within the local computer, and members of that group cannot permanently change the working environment of their desktops. The most common default member of this group is User account guest.

Network Configuration Operators

Users within this group can perform general network setup tasks on the client, such as changing the IP address, but cannot install/remove drivers and services, or perform tasks related to network server settings, such as DNS servers, DHCP server settings.

Power Users

Users within this group have more rights than the Users group, but have less rights than the Administrators group, for example, you can:

Create, delete, and change local user accounts

Create, delete, and manage shared folders and shared printers within the local computer

Customize system settings, such as changing the computer time, shutting down the computer, and so on

However, you cannot change administrators and backup Operators, take ownership of files, cannot back up and restore files, cannot install delete and remove device drivers, and cannot manage security and audit logs.

Remote Desktop Users

Members of this group can log on through a remote computer, for example, by using a Terminal server to log on from a remote computer.

Users

The team member has some basic rights, such as running the application, but they cannot modify the operating system settings, change other users ' data, or shut down the server-level computer.

All added local user accounts are automatically owned by this group. If this computer is already joined to a domain, the domain users of the domains are automatically added to the computer's Users group.

2. Built-in special group:

Everone

Any one user belongs to this group. Note that if the Guest account is enabled, you must be careful when assigning permissions to the Everone group, because when a user without an account connects to the computer, he is allowed to automatically connect with the Guest account, but because guest is also part of the Everone group, So he will have the privileges that everyone has.

Authenticated Users

Any user who connects with a valid user account belongs to this group. It is recommended that you set the permissions as much as possible for the Authenticated Users group, rather than setting them for everone.

Interactive

Any user who is logged on locally belongs to this group.

Network

Any user who connects to this computer over the network belongs to this group.

Creator Owner

The creator of a resource, such as a folder, file, or print file, is the Creator Owner (creator Owner) of the resource. However, if the creator belongs to a member within the Administrators group, its creator owner is the Administrators group.

Anonymous Logon

Any user who is not connected with a valid Windows Server 2003 account belongs to this group. Note that within Windows 2003, the Everone group does not contain the "Anonymous Logon" group

3. Remark:

User name LOCAL service, NETWORK service, System users, is the system comes with instead of viruses or intrusion, are normal users. The BUILTIN in the registry is the meaning of built in, which means that the built-in account is normal.

User and user group description for Windows