Only a subset of these accounts may exist on a single system.
For a detailed description of the terms used refer to the Microsoft MSDN documentation.
A user account for the system administrator. This account is the first account created during operating system installation. The account cannot be deleted or locked out. It is a member of the Administrators group and cannot be removed from that group. Note that the local administrator of a system that is part of a Windows domain can be addressed by the expression.
\$(%COMPUTERNAME%)\Administrator
A user account for people who do not have individual accounts. This user account does not require a password. By default, the Guest account is disabled. Note that the local guest account of a system that is part of a Windows domain can be addressed by the expression
\$(%COMPUTERNAME%)\Guest
A global group whose members are authorized to administer the Windows domain. By default, the Domain Admins group is a member of the Administrators group on all computers that have joined a domain, including the domain controllers. Domain Admins is the default owner of any object that is created in the domain's Active Directory by any member of the group. If members of the group create other objects, such as files, the default owner is the Administrators group.
A global group that, by default, includes all user accounts in a Windows domain. When you create a user account in a domain, it is added to this group automatically.
A global group that, by default, has only one member, the Windows domain's built-in Guest account.
A group that exists only in the root domain of an Active Directory forest of Windows domains. It is a universal group if the domain is in native mode, a global group if the domain is in mixed mode. The group is authorized to make schema changes in Active Directory. By default, the only member of the group is the Administrator account for the forest root domain.
A group that exists only in the root domain of an Active Directory forest of Windows domains. It is a universal group if the domain is in native mode, a global group if the domain is in mixed mode. The group is authorized to make forest-wide changes in Active Directory, such as adding child domains. By default, the only member of the group is the Administrator account for the forest root domain.
A global group that is authorized to create new Group Policy objects in Active Directory. By default, the only member of the group is Administrator. The default owner of a new Group Policy object is usually the user who created it. If the user is a member of Administrators or Domain Admins, all objects created by the user are owned by the group. Owners have full control of the objects they own.
| Copyright © 2014 CA Technologies. All rights reserved. |
|