100SECURITY
Active Directory - All Groups

Company: 100SECURITY - Domain: 100security.local - Date: 2019-07-06 - Owner: Marcos Henrique

Total Groups: 45

NameDescription
Access Control Assistance OperatorsMembers of this group can remotely query authorization attributes and permissions for resources on this computer.
Account OperatorsMembers can administer domain user and group accounts
AdministratorsAdministrators have complete and unrestricted access to the computer/domain
Allowed RODC Password Replication GroupMembers in this group can have their passwords replicated to all read-only domain controllers in the domain
Backup OperatorsBackup Operators can override security restrictions for the sole purpose of backing up or restoring files
Cert PublishersMembers of this group are permitted to publish certificates to the directory
Certificate Service DCOM AccessMembers of this group are allowed to connect to Certification Authorities in the enterprise
Cloneable Domain ControllersMembers of this group that are domain controllers may be cloned.
Cryptographic OperatorsMembers are authorized to perform cryptographic operations.
Denied RODC Password Replication GroupMembers in this group cannot have their passwords replicated to any read-only domain controllers in the domain
Distributed COM UsersMembers are allowed to launch, activate and use Distributed COM objects on this machine.
DnsAdminsDNS Administrators Group
DnsUpdateProxyDNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers).
Domain AdminsDesignated administrators of the domain
Domain ComputersAll workstations and servers joined to the domain
Domain ControllersAll domain controllers in the domain
Domain GuestsAll domain guests
Domain UsersAll domain users
Enterprise AdminsDesignated administrators of the enterprise
Enterprise Read-only Domain ControllersMembers of this group are Read-Only Domain Controllers in the enterprise
Event Log ReadersMembers of this group can read event logs from local machine
Group Policy Creator OwnersMembers in this group can modify group policy for the domain
GuestsGuests have the same access as members of the Users group by default, except for the Guest account which is further restricted
Hyper-V AdministratorsMembers of this group have complete and unrestricted access to all features of Hyper-V.
IIS_IUSRSBuilt-in group used by Internet Information Services.
Incoming Forest Trust BuildersMembers of this group can create incoming, one-way trusts to this forest
Network Configuration OperatorsMembers in this group can have some administrative privileges to manage configuration of networking features
Performance Log UsersMembers of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer
Performance Monitor UsersMembers of this group can access performance counter data locally and remotely
Pre-Windows 2000 Compatible AccessA backward compatibility group which allows read access on all users and groups in the domain
Print OperatorsMembers can administer domain printers
RAS and IAS ServersServers in this group can access remote access properties of users
RDS Endpoint ServersServers in this group run virtual machines and host sessions where users RemoteApp programs and personal virtual desktops run. This group needs to be populated on servers running RD Connection Broker. RD Session Host servers and RD Virtualization Host servers used in the deployment need to be in this group.
RDS Management ServersServers in this group can perform routine administrative actions on servers running Remote Desktop Services. This group needs to be populated on all servers in a Remote Desktop Services deployment. The servers running the RDS Central Management service must be included in this group.
RDS Remote Access ServersServers in this group enable users of RemoteApp programs and personal virtual desktops access to these resources. In Internet-facing deployments, these servers are typically deployed in an edge network. This group needs to be populated on servers running RD Connection Broker. RD Gateway servers and RD Web Access servers used in the deployment need to be in this group.
Read-only Domain ControllersMembers of this group are Read-Only Domain Controllers in the domain
Remote Desktop UsersMembers in this group are granted the right to logon remotely
Remote Management UsersMembers of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.
ReplicatorSupports file replication in a domain
Schema AdminsDesignated administrators of the schema
Server OperatorsMembers can administer domain servers
Terminal Server License ServersMembers of this group can update user accounts in Active Directory with information about license issuance, for the purpose of tracking and reporting TS Per User CAL usage
UsersUsers are prevented from making accidental or intentional system-wide changes and can run most applications
Windows Authorization Access GroupMembers of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects
WinRMRemoteWMIUsers__Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.


ADRT - Active Directory Report Tool