Archived from groups: microsoft.public.win2000.group_policy (More info?)
>Using AD on windows 2003 server with windowsXP SP2 clients; if a user
>is in the "Domain user" which rights does the user not have compared
>to an administrator?
>I would like such a list to compare with the available GPO-settings,
>if possible not set the GPO whenever the Domain user is more locked.
A Domain User is automatically part of the "Local Users Group" on a
Windows XP workstation. Therefore they have as much access permission
wise as you give them as a Local User.
By default on a Windows XP (which is far more locked down than W2K)
Domain Users have the write to create folders on C: and write into
those folders. They have full access to their own Profile. Eg. They
can change what they want with regards to Desktop etc. They cannot
install software as they have no write access to Windows Directory or
Group Policies donâ€™t take the place of permissions. You use them
along WITH the permissions. Therefore Group Policy helps you lock down
access to things like their desktop which you canâ€™t do with