Windows User Group Permissions

Source: Internet
Author: User

Built-in common group:

Administrators belong to the administators local group and have system administrator permissions. They have the maximum control permissions on this computer and can perform management tasks on the entire computer. The built-in system administrator account administrator is a member of the local group and cannot delete it from the group.
If the computer has been added to the domain, the Domain Admins of the domain is automatically added to the computer's Administrators Group. That is to say, the system administrator of the domain also has the privileges of the system administrator on this computer.

Backup Operators members in this group can use "start"-"AllProgram"-" Attachment "-" System Tools "-" backup "path to back up and restore these folders and files.

Guests is a group of users who do not have a user account but need to access resources in the local computer. Members of this group cannot change the working environment of their desktops permanently. The most common default member of this group is the user account guest.

Network Configuration Operators users in this group can perform general network setting tasks on the client, such as changing IP addresses, but cannot install/delete drivers and services, you cannot perform tasks related to network server settings, such as DNS server and DHCP server settings.

Power Users users in this group have more rights than the Users group, but have less rights than the Administrators group. For example, you can:
Create, delete, and change a local user account
Create, delete, and manage shared folders and printers on the Local Computer
Customize system settings, such as changing the computer time and disabling the computer

Members of the Power Users Group cannot change Administrators and Backup Operators, fail to take ownership of files, fail to back up and restore files, fail to install and delete device drivers, fail to manage security and audit logs.

Remote Desktop Users members in this group can log on to a remote computer, for example, using a terminal server to log on from a remote computer.

Users members only have some basic rights, such as running applications. However, they cannot modify operating system settings, modify data of other users, or shut down server-level computers.

All added local user accounts automatically belong to this group.

If the computer has been added to the domain, the domain users of the domain will be automatically added to the Users Group of the computer.

Built-in special group:

Any everone user belongs to this group. Note: When the Guest account is enabled, you must be careful when assigning permissions to the everone group, because when a user without an account connects to a computer, he is allowed to automatically use the Guest account to connect, but because guest also belongs to the everone group, it will have the permissions of everyone.

Authenticated Users any user connected by a valid user account belongs to this group. We recommend that you set the Authenticated Users Group as much as possible when setting the permission, instead of setting the everone group.

Any locally logged-on user of interactive belongs to this group.

Any user who connects to this computer through the network belongs to this group.

The creator of a resource, such as a folder, file, or print file, is the Creator Owner of the resource ). However, if the creator is a member of the Administrators group, the Creator Owner is the Administrators group.

Anonymous Logon belongs to any user who has not connected to the valid Windows Server 2003 account. Note: In Windows 2003, The everone group does not contain the "Anonymous Logon" group.



In addition, permissions are obtained at the intersection... How the bucket works.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.