Windows User Group Permissions

Built-in common group:

Administrators belong to the administators local group and have system administrator permissions. They have the maximum control permissions on this computer and can perform management tasks on the entire computer. The built-in system administrator account administrator is a member of the local group and cannot delete it from the group.
If the computer has been added to the domain, the Domain Admins of the domain is automatically added to the computer's Administrators Group. That is to say, the system administrator of the domain also has the privileges of the system administrator on this computer.

Backup Operators members in this group can use "start"-"AllProgram"-" Attachment "-" System Tools "-" backup "path to back up and restore these folders and files.

Guests is a group of users who do not have a user account but need to access resources in the local computer. Members of this group cannot change the working environment of their desktops permanently. The most common default member of this group is the user account guest.

Network Configuration Operators users in this group can perform general network setting tasks on the client, such as changing IP addresses, but cannot install/delete drivers and services, you cannot perform tasks related to network server settings, such as DNS server and DHCP server settings.

Power Users users in this group have more rights than the Users group, but have less rights than the Administrators group. For example, you can:
Create, delete, and change a local user account
Create, delete, and manage shared folders and printers on the Local Computer
Customize system settings, such as changing the computer time and disabling the computer

Members of the Power Users Group cannot change Administrators and Backup Operators, fail to take ownership of files, fail to back up and restore files, fail to install and delete device drivers, fail to manage security and audit logs.

Remote Desktop Users members in this group can log on to a remote computer, for example, using a terminal server to log on from a remote computer.

Users members only have some basic rights, such as running applications. However, they cannot modify operating system settings, modify data of other users, or shut down server-level computers.

All added local user accounts automatically belong to this group.

If the computer has been added to the domain, the domain users of the domain will be automatically added to the Users Group of the computer.

Built-in special group:

Any everone user belongs to this group. Note: When the Guest account is enabled, you must be careful when assigning permissions to the everone group, because when a user without an account connects to a computer, he is allowed to automatically use the Guest account to connect, but because guest also belongs to the everone group, it will have the permissions of everyone.

Authenticated Users any user connected by a valid user account belongs to this group. We recommend that you set the Authenticated Users Group as much as possible when setting the permission, instead of setting the everone group.

Any locally logged-on user of interactive belongs to this group.

Any user who connects to this computer through the network belongs to this group.

The creator of a resource, such as a folder, file, or print file, is the Creator Owner of the resource ). However, if the creator is a member of the Administrators group, the Creator Owner is the Administrators group.

Anonymous Logon belongs to any user who has not connected to the valid Windows Server 2003 account. Note: In Windows 2003, The everone group does not contain the "Anonymous Logon" group.

 

 

In addition, permissions are obtained at the intersection... How the bucket works.