If I create a new AD domain user account. Does it, by default, have access to locally log on to any machine in the domain and read/write to its hard drive?
What are the default permissions for a new domain user in AD?
active-directoryusers
If I create a new AD domain user account. Does it, by default, have access to locally log on to any machine in the domain and read/write to its hard drive?
What are the default permissions for a new domain user in AD?
Best Answer
By default all new users are part of the
Domain Users
group. That group in turn is part of theUsers
group on all machines in the domain. So a user will have the privileges of a normal - non admin user on any box in the domain. What that means is they will be able to write to files in their home directory but not much else without permission updates.