Windows 2000 has two categories of built-in groups: local and system. Built-in groups have a predetermined set of user rights or group membership. Windows 2000 creates these groups for you so you don't have to create groups and assign rights and permissions for commonly used functions.
After this lesson, you will be able to
Estimated lesson time: 10 minutes
All standalone servers, member servers, and computers running Windows 2000 Professional have built-in local groups. Built-in local groups give rights to perform system tasks on a single computer, such as backing up and restoring files, changing the system time, and administering system resources. Windows 2000 places the built-in local groups into the Groups folder in Computer Management.
Table 7.2 describes the capabilities that members of the most commonly used built-in local groups have. Except where noted, there are no initial members in these groups.
Table 7.2 Built-In Local Groups
Local group | Description |
---|---|
Administrators | Members can perform all administrative tasks on the computer. By default, the built-in Administrator user account for the computer is a member. When a member server or a computer running Client for Microsoft Networks joins a domain, Windows 2000 adds the Domain Admins group to the local Administrators group. |
Backup Operators | Members can use Windows Backup to back up and restore the computer. |
Guests | Members can perform only tasks for which you have specifically granted rights and can gain access only to resources for which you have assigned permissions; members can't make permanent changes to their desktop environment. By default, the built-in Guest account for the computer is a member. When a member server or a computer running Client for Microsoft Networks joins a domain, Windows 2000 adds the Domain Guests group to the local Guests group. |
Power Users | Members can create and modify local user accounts on the computer and share resources. |
Replicator | Members support file replication in a domain. |
Users | Members can perform only tasks for which you have specifically granted rights and can gain access only to resources for which you have assigned permissions. By default, Windows 2000 adds local user accounts that you create on the computer to the Users group. When a member server or a computer running Windows 2000 Professional joins a domain, Windows 2000 adds the Domain Users group to the local Users group. |
Built-in system groups exist on all computers running Windows 2000. System groups don't have specific memberships that you can modify, but they can represent different users at different times, depending on how a user gains access to a computer or resource. You don't see system groups when you administer groups, but they are available for use when you assign rights and permissions to resources. Windows 2000 bases system group membership on how the computer is accessed, not on who uses the computer. Table 7.3 describes the most commonly used built-in system groups.
Table 7.3 Commonly Used Built-In System Groups
System group | Description |
---|---|
Everyone | Includes all users who access the computer. Be careful if you assign permissions to the Everyone group and enable the Guest account. Windows 2000 authenticates a user who does not have a valid user account as Guest. The user automatically gets all rights and permissions that you have assigned to the Everyone group. |
Authenticated Users | Includes all users with valid user accounts on the computer (or if your computer is part of a domain, it includes all users in Active Directory directory services). Use the Authenticated Users group instead of the Everyone group to prevent anonymous access to a resource. |
Creator Owner | Includes the user account for the user who created or took ownership of a resource. If a member of the Administrators group creates a resource, the Administrators group is owner of the resource. |
Network | Includes any user with a current connection from another computer on the network to a shared resource on the computer. |
Interactive | Includes the user account for the user who is logged on at the computer. Members of the Interactive group gain access to resources on the computer at which they are physically located. They log on and gain access to resources by "interacting" with the computer. |
Anonymous Logon | Includes any user account that Windows 2000 didn't authenticate. |
Dialup | Includes any user who currently has a dial-up connection. |
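
A check for the caution in the Everyone row above, added here as an example and not part of the original lesson: the PowerShell below lists Allow entries granted to Everyone or Anonymous Logon under a folder tree and reports whether the built-in Guest account is enabled. It assumes Windows PowerShell 5.1 or later on a current Windows computer that is not a domain controller (Windows 2000 itself has no PowerShell), and `C:\Shares` is a placeholder path.

```powershell
# Added example (not from the original lesson): audit NTFS permissions for
# entries granted to Everyone or Anonymous Logon, and report Guest status.
param(
    [string]$Root = 'C:\Shares'   # placeholder path; set to the tree to audit
)

# Well-known SIDs are matched instead of names so the check also works on
# localized systems where the group names are translated.
$risky = @{
    'S-1-1-0' = 'Everyone'
    'S-1-5-7' = 'Anonymous Logon'
}

# The built-in Guest account always has RID 501, even if it has been renamed.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
$guestEnabled = [bool]($guest -and $guest.Enabled)

# Audit the root folder itself plus every subfolder beneath it.
$targets = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue)

$findings = foreach ($item in $targets) {
    try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
    catch { continue }   # skip folders whose ACL cannot be read

    # Request the rules as SIDs (explicit and inherited) rather than names.
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $risky.ContainsKey($sid)) {
            [pscustomobject]@{
                Path         = $item.FullName
                Group        = $risky[$sid]
                Rights       = $rule.FileSystemRights
                Inherited    = $rule.IsInherited
                GuestEnabled = $guestEnabled
            }
        }
    }
}

$findings | Sort-Object Path | Format-Table -AutoSize
```

Entries it reports are candidates for replacement with Authenticated Users, as the table recommends, with the highest priority where GuestEnabled is True.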
In this lesson, you learned that Windows 2000 has two categories of built-in groups: local and system. You also learned that built-in groups have a predetermined set of user rights or group membership. Windows 2000 creates these groups for you so you don't have to create groups and assign rights and permissions for commonly used functions.