Windows 2000 User Permissions

by Johannes Helmig [Published on 3 June 2001 / Last Updated on 3 June 2001]

When creating new Users in Windows 2000, you define their rights/privileges by defining
the users to be a member of a group.
The rights/privileges of a user are based on the rights/privileges of the groups,
so a right/privilege is assigned to a user by make the user a member of a group,
which has the required right/privilege.

To view/modify these rights/privileges, view the "Administrative Tools":

then: "Computer Management":

"Computer Management" allows also User-Management (add/delete users), but offers
some advanced options not available in the more simple User-Applet, for example:
it shows in the overview, that the user-account for "GUEST" is de-activated:

It allows to view the predefined Groups and to add custom-groups:

While creating a new group,
users can be added immedialety to
be a member of the group.

But users can be added later
to become a member of a group.

But to see in detail the permission/rights/provileges of a group, you need to "drill down"
in the "Group - Policies" 4 levels down:

Here you find the list of rights/privileges for all the jobs on your system, from:
- Accessing this computer from the Network
- Backup files and directories
- Restore files and directories (yes, it is a different right/privilege)
- Load and unload device drivers --> Configure hardware, reserved for Administrators.

You can view in detail the list of groups with each right/privilege:

For example: "regular users" do not have the right/permission/privilege to make backups.

To enable another group (one of the predefined or our own-defined groups) to have a
right/privilege (like: make a backup), you need to add your group to the list:

Select from the list of defined groups your group and "add" it:

In summary: everytime, when you are rejected by the system, check here for the groups,
which have the right/privilege.
You should check for sure for the "Access this computer from the network", if you intend
to use your system as a network server:

A user can be member of MULTIPLE groups, which will give him the combined

See Also

The Author — Johannes Helmig

Dr.Johannes Helmig is working as Director, Technical Knowledge Management in the Belgium office of Gerber Technology where he is involved in Customer Service and internal training, with special interest in Networking.


Featured Links