question

ElazaraArbiv-2263 avatar image
0 Votes"
ElazaraArbiv-2263 asked HannahXiong-MSFT answered

Built-in account ADMINISTRATOR

noticed that ADMINISTRATOR(Built-in account) is a member of many groups:
1.Administrators
2.Domain Admins
3.Domain Users
4.Exchange Domain Servers
5.Exchange Services
6.Group Policy Creator Owners
7.Protected Users
8.RASAdmins
9.SqlDtsUsers
10.SYSTEM-VAX

Is it required? have to ? Or is there something unnecessary? Is there a recommendation in which groups he will be a member?

windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

HannahXiong-MSFT avatar image
1 Vote"
HannahXiong-MSFT answered

Hello @ElazaraArbiv-2263,

Thank you so much for posting here.

I checked in my lab that the built-in administrator is a member of the following groups:
1. Administrators
2. Domain Admins
3. Domain Users
4. Group Policy Creator Owners
5. Schema Admins
6. Enterprise Admins

116044-image.png

As for the groups:
4.Exchange Domain Servers
5.Exchange Services
8.RASAdmins
9.SqlDtsUsers
10.SYSTEM-VAX

I checked that there are no these groups in my lab. Maybe we could have a check with the products teams, such as exchange, SQL.

As for the group Protected Users, there is no member in my lab. For more information about this group, please refer to:
https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group

116141-image.png

For any question, please feel free to contact us.

Best regards,
Hannah Xiong



image.png (70.0 KiB)
image.png (13.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.