Figure 7.4: Contents of the default Users folder
Three important user accounts are created during the promotion of a domain controller,
described here:
Administrator Account: The Administrator account is assigned the password a system
administrator provides during the promotion process, and it has full permissions to
perform all actions within the domain.

Guest Account: The Guest account is disabled by default. The purpose of the Guest
account is to provide anonymous access to users who do not have an individual logon and
password to use within the domain. Although the Guest account might be useful in some
situations, it is generally recommended that this account be disabled to increase security.

Krbtgt, or Key Distribution Center Service, Account: Only the operating system uses the
krbtgt, or Key Distribution Center Service, account for Kerberos authentication while it
is using DCPromo.exe. This account is disabled by default. Unlike other user accounts, the
krbtgt account cannot be used to log on to the domain, and therefore it does not need to be
enabled. Since only the operating system uses this account, you do not need to worry about
hackers gaining access by using this account.
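
The following PowerShell is an added example, not part of the original text: it checks the three built-in accounts against the defaults described above, resolving them by their well-known relative IDs (500, 501, 502) so the check still works if an account has been renamed. It assumes the ActiveDirectory module (RSAT) is installed and the session can query a domain controller; the function name Get-DefaultAccountState is hypothetical.

```powershell
# Added example: audit the three built-in accounts described above.
# Assumes the ActiveDirectory module (RSAT) and rights to read user objects.
Import-Module ActiveDirectory

function Get-DefaultAccountState {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Domain controller to query; defaults to the PDC emulator.
        [string]$Server = (Get-ADDomain).PDCEmulator
    )

    $domainSid = (Get-ADDomain -Server $Server).DomainSID.Value

    # Well-known relative IDs; these do not change when an account is renamed.
    # ExpectedEnabled reflects the defaults stated in the text
    # ($null = the text states no default, so the account is reported only).
    $accounts = @(
        @{ Role = 'Administrator'; Rid = 500; ExpectedEnabled = $null  },
        @{ Role = 'Guest';         Rid = 501; ExpectedEnabled = $false },
        @{ Role = 'krbtgt';        Rid = 502; ExpectedEnabled = $false }
    )

    foreach ($a in $accounts) {
        $sid = "$domainSid-$($a.Rid)"
        try {
            $u = Get-ADUser -Identity $sid -Server $Server `
                 -Properties Enabled, PasswordLastSet -ErrorAction Stop
        } catch {
            Write-Warning "Could not resolve $($a.Role) ($sid): $_"
            continue
        }

        # An account matches when no default is stated or the state agrees.
        $matches = ($null -eq $a.ExpectedEnabled) -or
                   ($u.Enabled -eq $a.ExpectedEnabled)

        [pscustomobject]@{
            Role            = $a.Role
            SamAccountName  = $u.SamAccountName   # shows any rename
            Enabled         = $u.Enabled
            MatchesDefault  = $matches
            PasswordLastSet = $u.PasswordLastSet
        }
    }
}

Get-DefaultAccountState | Format-Table -AutoSize
```

A row with MatchesDefault set to False (for example, an enabled Guest account) is the one to investigate.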
Predefined Global Groups
As mentioned earlier in this chapter, you use global groups to manage permissions at the
domain level. Members of each of these groups can perform specific tasks related to
managing Active Directory.