Windows 2000 User Permissions

by Johannes Helmig [Published on 3 June 2001 / Last Updated on 3 June 2001]

When creating new Users in Windows 2000, you define their rights/privileges by defining
the users to be a member of a group.
The rights/privileges of a user are based on the rights/privileges of the groups,
so a right/privilege is assigned to a user by make the user a member of a group,
which has the required right/privilege.

To view/modify these rights/privileges, view the "Administrative Tools":

then: "Computer Management":

"Computer Management" allows also User-Management (add/delete users), but offers
some advanced options not available in the more simple User-Applet, for example:
it shows in the overview, that the user-account for "GUEST" is de-activated:

It allows to view the predefined Groups and to add custom-groups:

While creating a new group,
users can be added immedialety to
be a member of the group.

But users can be added later
to become a member of a group.

But to see in detail the permission/rights/provileges of a group, you need to "drill down"
in the "Group - Policies" 4 levels down:

Here you find the list of rights/privileges for all the jobs on your system, from:
- Accessing this computer from the Network
- Backup files and directories
- Restore files and directories (yes, it is a different right/privilege)
- Load and unload device drivers --> Configure hardware, reserved for Administrators.

You can view in detail the list of groups with each right/privilege:

For example: "regular users" do not have the right/permission/privilege to make backups.

To enable another group (one of the predefined or our own-defined groups) to have a
right/privilege (like: make a backup), you need to add your group to the list:

Select from the list of defined groups your group and "add" it:

In summary: everytime, when you are rejected by the system, check here for the groups,
which have the right/privilege.
You should check for sure for the "Access this computer from the network", if you intend
to use your system as a network server:

A user can be member of MULTIPLE groups, which will give him the combined


Featured Links