Microsoft KB Archive/102382
PSS ID Number: 102382
Article Last Modified on 11/20/2003
The information in this article applies to:
- Microsoft Windows NT Server 3.1
- Microsoft Windows NT Workstation 3.1
- Microsoft Windows NT Advanced Server 3.1
This article was previously published under Q102382
When downlevel servers (LAN Manager 2.x machines) are created as members of a Windows NT Domain, their machine accounts are members of the Servers Global group and the Domain Users Global group.
When NET ACCOUNTS /ROLE:BACKUP is invoked, LAN Manager server adds this account and makes it a member of Servers group. It should also remove it from Users group. The account causes no problems. No one can use it because its password is machine generated. If its inclusion in Domain Users is undesirable, an administrator can simply change its primary group to Servers and then remove it from Users. Netlogon will still work.
This is by design. There is no real problem with the account being a member of Users.
Steps to Reproduce Behavior
NOTE: Two machines are required for this procedure.
- On machine A, run Windows NT Advanced Server as a primary domain controller or server.
- On machine B, run OS/2 and LAN Manager 2.2 as a backup domain controller (BDC) in the same domain as machine A.
- On machine A, start the User Manager for domains. Notice that machine B is listed in the Main User list.
- Double-click the Machine account so that the properties dialog box of that account is displayed.
- Click Groups. Notice that the Machine account is a member of the Servers Global group and the Domain Users Global group.
Additional query words: prodnt
Keywords: kbnetwork KB102382
Technology: kbWinNT310Search kbWinNTAdvSerSearch kbWinNTAdvServ310 kbWinNTS310 kbWinNTS310search kbWinNTsearch kbWinNTSsearch kbWinNTW310 kbWinNTW310Search kbWinNTWsearch