If I create a new AD domain user account. Does it, by default, have access to locally log on to any machine in the domain and read/write to its hard drive?
What are the default permissions for a new domain user in AD?
If I create a new AD domain user account. Does it, by default, have access to locally log on to any machine in the domain and read/write to its hard drive?
What are the default permissions for a new domain user in AD?
By default all new users are part of the
Domain Users
group. That group in turn is part of theUsers
group on all machines in the domain. So a user will have the privileges of a normal - non admin user on any box in the domain. What that means is they will be able to write to files in their home directory but not much else without permission updates.A standard user does have the user right to log on locally to all member computers. A standard user does not have the user right to log on locally to a domain controller.
A quick look at the NTFS permissions on the root drive of any member computer will show you what NTFS permissions a standard user has to the file system.