Comments (4)

  1. Anonymous says:

    Active Directory Documentation Team has put on the web interesting post about default permissions of

  2. Anonymous says:

    This is great info to make available to the public. I am curious why this is being made publically available 10 years after AD was released. Better late than never I guess.

    I have always preached that the built-in groups should not be used. I have seen many cases where the Account Operators group has been used to exploit AD and DCs. I posted about this a while back ( This lingering ACE is another reason to NOT use the built-in groups, especially the Account Operators group.

  3. On 2008 R2 Account Operators cannot shutdown a DC