default GPOs for a Domain User?

[Deleted member k]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi.
Using AD on windows 2003 server with windowsXP SP2 clients; if a user is
in the "Domain user" which rights does the user not have compared to an
administrator?

Does the help system or microsofts website have a list with all the
default "Domain user" rights/limitations listed?

I would like such a list to compare with the available GPO-settings, and
if possible not set the GPO whenever the Domain user is more locked.

Thanks.

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi,

k schrieb:
> Using AD on windows 2003 server with windowsXP SP2 clients; if a user is
> in the "Domain user" which rights does the user not have compared to an
> administrator?

If you don´t manipulate the restricted group settings, the domain user
is mapped to the local users group.

Inside the XP helpsystem there is a overview and comparison of
administrators, power users and users.

ms-its:C:\WINDOWS\Help\SCEconcepts.chm::/windows_security_default_settings.htm
ms-its:C:\WINDOWS\Help\SCEconcepts.chm::/sag_SEconceptsUnPrivs.htm

Soryy I can´t find a default rights schema, that shows the domain user
rights in a AD or on a DC. Take a look inside the security templates and
the defdomconpol.


Mark
--
Mark Heitbrink - MVP Windows Server
Homepage: www.gruppenrichtlinien.de
W2K FAQ : http://w2k-faq.ebend.de
PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

>Using AD on windows 2003 server with windowsXP SP2 clients; if a user
>is in the "Domain user" which rights does the user not have compared
>to an administrator?
>I would like such a list to compare with the available GPO-settings,
>and
>if possible not set the GPO whenever the Domain user is more locked.
>
>

A Domain User is automatically part of the "Local Users Group" on a
Windows XP workstation. Therefore they have as much access permission
wise as you give them as a Local User.

By default on a Windows XP (which is far more locked down than W2K)
Domain Users have the write to create folders on C: and write into
those folders. They have full access to their own Profile. Eg. They
can change what they want with regards to Desktop etc. They cannot
install software as they have no write access to Windows Directory or
Program Files.

Group Policies don’t take the place of permissions. You use them
along WITH the permissions. Therefore Group Policy helps you lock down
access to things like their desktop which you can’t do with
permissions.

Cheers,

Lara

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Group-Policy-default-GPOs-Domain-User-ftopict408988.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1361359