default GPOs for a Domain User?

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi.
Using AD on windows 2003 server with windowsXP SP2 clients; if a user is
in the "Domain user" which rights does the user not have compared to an
administrator?

Does the help system or microsofts website have a list with all the
default "Domain user" rights/limitations listed?

I would like such a list to compare with the available GPO-settings, and
if possible not set the GPO whenever the Domain user is more locked.

Thanks.
2 answers Last reply
More about default gpos domain user
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Hi,

    k schrieb:
    > Using AD on windows 2003 server with windowsXP SP2 clients; if a user is
    > in the "Domain user" which rights does the user not have compared to an
    > administrator?

    If you don´t manipulate the restricted group settings, the domain user
    is mapped to the local users group.

    Inside the XP helpsystem there is a overview and comparison of
    administrators, power users and users.

    ms-its:C:\WINDOWS\Help\SCEconcepts.chm::/windows_security_default_settings.htm
    ms-its:C:\WINDOWS\Help\SCEconcepts.chm::/sag_SEconceptsUnPrivs.htm

    Soryy I can´t find a default rights schema, that shows the domain user
    rights in a AD or on a DC. Take a look inside the security templates and
    the defdomconpol.


    Mark
    --
    Mark Heitbrink - MVP Windows Server
    Homepage: www.gruppenrichtlinien.de
    W2K FAQ : http://w2k-faq.ebend.de
    PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    >Using AD on windows 2003 server with windowsXP SP2 clients; if a user
    >is in the "Domain user" which rights does the user not have compared
    >to an administrator?
    >I would like such a list to compare with the available GPO-settings,
    >and
    >if possible not set the GPO whenever the Domain user is more locked.
    >
    >

    A Domain User is automatically part of the "Local Users Group" on a
    Windows XP workstation. Therefore they have as much access permission
    wise as you give them as a Local User.

    By default on a Windows XP (which is far more locked down than W2K)
    Domain Users have the write to create folders on C: and write into
    those folders. They have full access to their own Profile. Eg. They
    can change what they want with regards to Desktop etc. They cannot
    install software as they have no write access to Windows Directory or
    Program Files.

    Group Policies don’t take the place of permissions. You use them
    along WITH the permissions. Therefore Group Policy helps you lock down
    access to things like their desktop which you can’t do with
    permissions.

    Cheers,

    Lara

    --
    Posted using the http://www.windowsforumz.com interface, at author's request
    Articles individually checked for conformance to usenet standards
    Topic URL: http://www.windowsforumz.com/Group-Policy-default-GPOs-Domain-User-ftopict408988.html
    Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1361359
Ask a new question

Read More

Default Domain Windows Server 2003 Windows