Export (0) Print
Expand All

3.1.4.2 Default Accounts

The following accounts MUST be present in a server's database.<33>

Non-DC configuration, user accounts.

Name

Domain

Rid

userAccountControl

Administrator

Account

500

UF_NORMAL_ACCOUNT |

UF_DONT_EXPIRE_PASSWORD

Guest

Account

501

UF_NORMAL_ACCOUNT |

UF_ACCOUNTDISABLE |

UF_DONT_EXPIRE_PASSWORD

Non-DC configuration, alias accounts.

Name

Domain

Rid

Member

Administrators

Built-in

544

Administrator

Users

Built-in

545

 

Guests

Built-in

546

Guest

Power Users

Built-in

547

 

Print Operators

Built-in

550

 

Backup Operators

Built-in

551

 

Replicator

Built-in

552

 

Remote Desktop Users

Built-in

555

 

Network Configuration Operators

Built-in

556

 

Performance Monitor Users

Built-in

558

 

Performance Log Users

Built-in

559

 

Distributed COM Users

Built-in

562

 

IIS_IUSRS

Built-in

568

IUSR

Cryptographic Operators

Built-in

569

 

Event Log Readers

Built-in

573

 

DC configuration, user accounts.

Name

Domain

Rid

userAccountControl

Administrator

Account

500

UF_NORMAL_ACCOUNT |

UF_DONT_EXPIRE_PASSWORD

Guest

Account

501

UF_NORMAL_ACCOUNT |

UF_ACCOUNTDISABLE |

UF_DONT_EXPIRE_PASSWORD

krbtgt

Account

502

UF_NORMAL_ACCOUNT |

UF_ACCOUNTDISABLE

DC configuration, universal group accounts (only on root domain).

Name

Domain

Rid

Member

Schema Admins

Account

518

Administrator

Enterprise Admins

Account

519

Administrator

Enterprise Read-only Domain Controllers

Account

498

 

DC configuration, group accounts.

Name

Domain

Rid

Member

Domain Admins

Account

512

Administrator

Domain Users

Account

513

 

Domain Guests

Account

514

Guest

Domain Computers

Account

515

 

Domain Controllers

Account

516

 

Group Policy Creator Owners

Account

520

Administrator

Read-only Domain Controllers

Account

521

 

DC configuration, alias accounts.

Name

Domain

Rid

Member

Administrators

Built-in

544

Domain Admins,

Administrator,

Enterprise Admins

Users

Built-in

545

Domain Users

Guests

Built-in

546

Domain Guests,

Guest

Account Operators

Built-in

548

 

System Operators

Built-in

549

 

Print Operators

Built-in

550

 

Backup Operators

Built-in

551

 

Replicator

Built-in

552

 

Cert Publishers

Account

517

 

RAS and IAS Servers

Account

553

 

* Pre-Windows 2000 operating system Compatible Access

Built-in

554

Everyone,

Anonymous Logon,

Authenticated Users

Remote Desktop Users

Built-in

555

 

Network Configuration Operators

Built-in

556

 

Incoming Forest Trust Builders

Built-in

557

 

Performance Monitor Users

Built-in

558

 

Performance Log Users

Built-in

559

 

Windows Authorization Access Group

Built-in

560

Enterprise Domain Controllers

Terminal Server License Servers

Built-in

561

 

Distributed COM Users

Built-in

562

 

IIS_IUSRS

Built-in

568

IUSR

Cryptographic Operators

Built-in

569

 

Allowed RODC Password Replication Group

Account

571

 

Denied RODC Password Replication Group

Account

572

Group Policy Creator Owners,

Domain Admins,

Cert Publishers,

Domain Controllers,

Krbtgt,

Enterprise Admins,

Schema Admins,

Read-only Domain Controllers

Event Log Readers

Built-in

573

 

Certificate Service DCOM Access

Built-in

574

 

* The information about Pre-Windows 2000 Compatible Access is qualified by the following product behavior note.<34>

 
Show:
© 2014 Microsoft