Theoretically, built-in groups are historical in nature (i.e., carryovers from NT4.0 and previous) and should not be used going forward.
All of their capabilities are reproducible via delegation and GPOs and User Rights Assignments. But I don't think they are going anywhere. Brian Desmond may have more insight than I do on this topic. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: David Lum [mailto:[email protected]] Sent: Tuesday, January 10, 2012 10:06 AM To: NT System Admin Issues Subject: Related to my Domain Admin thread Best practice to not add users to a builtin group? "Account Operators: By default, this built-in group has no members. It can create and manage users and groups in the domain, but it cannot manage service administrator accounts. As a best practice, do not add members to this group, and do not use it for any delegated administration". http://technet.microsoft.com/en-us/library/cc700835.aspx David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
