
Using Default Groups

Default, or predefined, groups are found in the Active Directory (that is, on a Server 2008 domain controller). These groups have been assigned user rights so that members of a particular default group can perform specific actions in the domain. Not only are these groups created automatically when you set up your domain controller, but some of them also add members automatically.

Did You Know?

In the Server Manager, expand the Roles node and then expand the Active Directory Domain Services node to access the Active Directory Users and Computers snap-in. To open the Active Directory Users and Computers snap-in in the MMC, select Start, Administrative Tools, and then Active Directory Users and Computers.

To view these groups, open the Active Directory Users and Computers snap-in (in the MMC or in the Server Manager). Expand the Active Directory Users and Computers node (snap-in) and then select the Users folder. The number of default groups is based on the functional level you have set for the forest (and the domain controller). Assuming that you are using the Windows Server 2008 functional level (as shown in Figure 9.1), a number of groups are provided by default.

Figure 9.1. The default groups in the Users folder.


These groups include domain local, global, and universal group types. Four important groups are defined in the list that follows:

Although four default groups are discussed here, you will find that a number of other security groups, such as the Group Policy Creator Owners (Group Policy is discussed in Hour 11, “Deploying Group Policy and Network Access Protection”), are available by default. You will have other predefined groups on your server, depending on the services that have been installed. For example, if your domain controller is also a DNS (Domain Name Service) server, there will be a predefined DnsAdmins group. This group serves as the administrative group for the Domain Name Service (DNS is discussed in Hour 15, “Understanding the Domain Name Service”).

Built-in Groups

Windows Server 2008 also provides a number of built-in domain local groups. For the most part, these groups provide users with the permissions needed to perform certain tasks on your domain controllers and in the Active Directory. The default Users group contains all the users in your domain. Domain local groups typically relate to specific tasks on the network such as Backup Operators, Performance Monitor Users, and Remote Desktop Users. All the built-in groups are security groups.

Figure 9.2 shows the default groups available in the Builtin folder. Some of the often-used built-in domain local groups are as follows:

Figure 9.2. The built-in domain local groups.


Although you aren’t required to use these groups, be advised that they have already been assigned permissions that relate to getting certain jobs done in the domain. Adding a user to the Print Operators group, for example, immediately gives that user the capability to set up printers in the domain. Using the group’s predefined permissions saves you from having to assign these same permissions to individual users or to create a group of your own and assign the permissions to it.
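Because membership in one of these groups grants its rights immediately, it is worth reviewing who actually holds them. The following PowerShell script is an added example, not part of the original text; it lists the users in several of the groups named in this section, including users who are members only through nested groups. The group list, variable names, and report layout are assumptions chosen for illustration.

```powershell
# Added example (not from the book): list the users who hold the rights of
# the default and built-in groups named in this section, nested groups included.
# Assumes a domain-joined machine and an account allowed to read the directory.
$groupNames = @(
    'Backup Operators', 'Print Operators', 'Remote Desktop Users',
    'Performance Monitor Users', 'DnsAdmins', 'Group Policy Creator Owners'
)

$domainDN = ([ADSI]'LDAP://RootDSE').defaultNamingContext
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$domainDN"
$searcher.PageSize = 500   # page results so large groups are not truncated
[void]$searcher.PropertiesToLoad.AddRange(
    [string[]]@('distinguishedname', 'samaccountname', 'useraccountcontrol'))

$report = foreach ($name in $groupNames) {
    $searcher.Filter = "(&(objectCategory=group)(sAMAccountName=$name))"
    $group = $searcher.FindOne()
    if (-not $group) {
        # Service-dependent groups such as DnsAdmins exist only if the role is installed.
        Write-Warning "Group '$name' not found in $domainDN"
        continue
    }
    $groupDN = [string]$group.Properties['distinguishedname'][0]
    # Escape LDAP filter metacharacters in the DN (backslash first).
    $escaped = $groupDN -replace '\\', '\5c' -replace '\*', '\2a' `
                        -replace '\(', '\28' -replace '\)', '\29'
    # 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN: matches users that
    # are members directly or through any chain of nested groups.
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)" +
                       "(memberOf:1.2.840.113556.1.4.1941:=$escaped))"
    foreach ($user in $searcher.FindAll()) {
        $uac = [int]$user.Properties['useraccountcontrol'][0]
        New-Object PSObject -Property @{
            Group    = $name
            User     = [string]$user.Properties['samaccountname'][0]
            Disabled = [bool]($uac -band 2)   # ACCOUNTDISABLE flag
        }
    }
}
$report | Sort-Object Group, User | Format-Table Group, User, Disabled -AutoSize
```

The query relies on the memberOf attribute, so an account that belongs to a group only as its primary group does not appear in the report. Comparing the output against the list of people who are supposed to hold each role shows where the predefined permissions have spread further than intended.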
