This article describes some of the default security
settings in Windows 2000.
Back to the top
Some of the default security settings in Windows 2000
include:
Back to the top
Clean Installation
Windows 2000 Professional and Windows 2000 Server (Configured as a Member Server)
| • | Users (members of the Everyone and Users groups) do not
have broad write access to the system as in Microsoft Windows NT 4.0 and
earlier. Such users have read access to most parts of the system and write
access only under their own profile folders. |
| • | Power Users (members of the Power Users group) have all the
access that normal users and power users have in Windows NT 4.0 and earlier.
Such users have write access to parts of the system besides their own profile
folders. This enables them to install programs, and more. |
| • | Administrators have all the access they have always
had. |
Windows 2000 Server (Configured as a Domain Controller)
| • | Users do not have broad write access to the system. Such
users have read access to most parts of the system and write access only under
their own profile folders. Such users can only access domain controllers over
the network. Local logon to domain controllers is denied. |
| • | Server Operators, Account Operators, and other built-in
groups have the same access as in Windows NT 4.0 and earlier. |
| • | Administrators have all the access they have always
had. |
Back to the top
Upgrades
Computers upgraded from Windows NT 4.0 do not use the new default
security settings described above. Instead, all existing security settings are
maintained.
For more information, refer to the "Default Access
Control Settings in Windows 2000" white paper that is located at the following
Microsoft Web site:
In the event that the URL for this white paper has moved, you can
search the white paper at the following Microsoft Web site:
Back to the top
Help and Support
