Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The following accounts MUST be present in a server's database.<41>
Non-DC configuration, user accounts.
|
Name |
Domain |
Rid |
userAccountControl |
|---|---|---|---|
|
Administrator |
Account |
500 |
UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWORD |
|
Guest |
Account |
501 |
UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_DONT_EXPIRE_PASSWORD |
Non-DC configuration, alias accounts.
|
Name |
Domain |
Rid |
Member |
|---|---|---|---|
|
Administrators |
Built-in |
544 |
Administrator |
|
Users |
Built-in |
545 |
|
|
Guests |
Built-in |
546 |
Guest |
|
Power Users |
Built-in |
547 |
|
|
Print Operators |
Built-in |
550 |
|
|
Backup Operators |
Built-in |
551 |
|
|
Replicator |
Built-in |
552 |
|
|
Remote Desktop Users |
Built-in |
555 |
|
|
Network Configuration Operators |
Built-in |
556 |
|
|
Performance Monitor Users |
Built-in |
558 |
|
|
Performance Log Users |
Built-in |
559 |
|
|
Distributed COM Users |
Built-in |
562 |
|
|
IIS_IUSRS |
Built-in |
568 |
IUSR |
|
Cryptographic Operators |
Built-in |
569 |
|
|
Event Log Readers |
Built-in |
573 |
|
DC configuration, user accounts.
|
Name |
Domain |
Rid |
userAccountControl |
|---|---|---|---|
|
Administrator |
Account |
500 |
UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWORD |
|
Guest |
Account |
501 |
UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_DONT_EXPIRE_PASSWORD |
|
krbtgt |
Account |
502 |
UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE |
DC configuration, universal group accounts (only on root ___domain).
|
Name |
Domain |
Rid |
Member |
|---|---|---|---|
|
Schema Admins |
Account |
518 |
Administrator |
|
Enterprise Admins |
Account |
519 |
Administrator |
|
Enterprise Read-only Domain Controllers |
Account |
498 |
|
DC configuration, group accounts.
|
Name |
Domain |
Rid |
Member |
|---|---|---|---|
|
Domain Admins |
Account |
512 |
Administrator |
|
Domain Users |
Account |
513 |
|
|
Domain Guests |
Account |
514 |
Guest |
|
Domain Computers |
Account |
515 |
|
|
Domain Controllers |
Account |
516 |
|
|
Group Policy Creator Owners |
Account |
520 |
Administrator |
|
Read-only Domain Controllers |
Account |
521 |
|
DC configuration, alias accounts.
|
Name |
Domain |
Rid |
Member |
|---|---|---|---|
|
Administrators |
Built-in |
544 |
Administrator, Enterprise Admins |
|
Users |
Built-in |
545 |
Domain Users |
|
Guests |
Built-in |
546 |
Domain Guests, Guest |
|
Account Operators |
Built-in |
548 |
|
|
System Operators |
Built-in |
549 |
|
|
Print Operators |
Built-in |
550 |
|
|
Backup Operators |
Built-in |
551 |
|
|
Replicator |
Built-in |
552 |
|
|
Cert Publishers |
Account |
517 |
|
|
RAS and IAS Servers |
Account |
553 |
|
|
* Pre-Windows 2000 operating system Compatible Access |
Built-in |
554 |
Everyone, Anonymous Logon, Authenticated Users |
|
Remote Desktop Users |
Built-in |
555 |
|
|
Network Configuration Operators |
Built-in |
556 |
|
|
Incoming Forest Trust Builders |
Built-in |
557 |
|
|
Performance Monitor Users |
Built-in |
558 |
|
|
Performance Log Users |
Built-in |
559 |
|
|
Windows Authorization Access Group |
Built-in |
560 |
Enterprise Domain Controllers |
|
Terminal Server License Servers |
Built-in |
561 |
|
|
Distributed COM Users |
Built-in |
562 |
|
|
IIS_IUSRS |
Built-in |
568 |
IUSR |
|
Cryptographic Operators |
Built-in |
569 |
|
|
Allowed RODC Password Replication Group |
Account |
571 |
|
|
Denied RODC Password Replication Group |
Account |
572 |
Group Policy Creator Owners, Domain Admins, Cert Publishers, Domain Controllers, Krbtgt, Enterprise Admins, Schema Admins, Read-only Domain Controllers |
|
Event Log Readers |
Built-in |
573 |
|
|
Certificate Service DCOM Access |
Built-in |
574 |
|
* The information about Pre-Windows 2000 Compatible Access is qualified by the following product behavior note.<42>