Sign in with
Sign up | Sign in
Your question

default GPOs for a Domain User?

Last response: in Windows 2000/NT
Share
August 15, 2005 7:38:55 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi.
Using AD on windows 2003 server with windowsXP SP2 clients; if a user is
in the "Domain user" which rights does the user not have compared to an
administrator?

Does the help system or microsofts website have a list with all the
default "Domain user" rights/limitations listed?

I would like such a list to compare with the available GPO-settings, and
if possible not set the GPO whenever the Domain user is more locked.

Thanks.
Anonymous
August 15, 2005 10:46:54 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi,

k schrieb:
> Using AD on windows 2003 server with windowsXP SP2 clients; if a user is
> in the "Domain user" which rights does the user not have compared to an
> administrator?

If you don´t manipulate the restricted group settings, the domain user
is mapped to the local users group.

Inside the XP helpsystem there is a overview and comparison of
administrators, power users and users.

ms-its:C:\WINDOWS\Help\SCEconcepts.chm::/windows_security_default_settings.htm
ms-its:C:\WINDOWS\Help\SCEconcepts.chm::/sag_SEconceptsUnPrivs.htm

Soryy I can´t find a default rights schema, that shows the domain user
rights in a AD or on a DC. Take a look inside the security templates and
the defdomconpol.


Mark
--
Mark Heitbrink - MVP Windows Server
Homepage: www.gruppenrichtlinien.de
W2K FAQ : http://w2k-faq.ebend.de
PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.
Anonymous
August 18, 2005 5:35:52 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

>Using AD on windows 2003 server with windowsXP SP2 clients; if a user
>is in the "Domain user" which rights does the user not have compared
>to an administrator?
>I would like such a list to compare with the available GPO-settings,
>and
>if possible not set the GPO whenever the Domain user is more locked.
>
>

A Domain User is automatically part of the "Local Users Group" on a
Windows XP workstation. Therefore they have as much access permission
wise as you give them as a Local User.

By default on a Windows XP (which is far more locked down than W2K)
Domain Users have the write to create folders on C: and write into
those folders. They have full access to their own Profile. Eg. They
can change what they want with regards to Desktop etc. They cannot
install software as they have no write access to Windows Directory or
Program Files.

Group Policies don’t take the place of permissions. You use them
along WITH the permissions. Therefore Group Policy helps you lock down
access to things like their desktop which you can’t do with
permissions.

Cheers,

Lara

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Group-Policy-default-GPOs-...
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1361359
!