Overview

A local user or group is an account that can be granted permissions and rights from a local computer. Domain or global users and groups are managed by the network administrator. Local users, global users, and global groups can be added to local groups. However, local users and groups cannot be added to global groups.

Users and groups are important in Windows 2000 security because they can be used to control the ability of users and groups to perform certain actions by assigning them specific rights and permissions. A right authorizes a user to perform certain actions on a computer, such as backing up files and folders or shutting down a computer. A permission is a rule associated with an object (usually a file, folder, or printer), and it regulates which users can have access to the object and in what manner.

Appendix D of the Windows 2000 Security Configuration Guide provides a description of the user and group accounts available in Windows 2000 and the account requirements and recommendations for the Evaluated Configuration.