DOCUMENT:Q102382 17-AUG-1993 [W_NT] TITLE :Downlevel Servers Included in Two Groups When Created PRODUCT :Windows NT PROD/VER:3.10 OPER/SYS:WINDOWS KEYWORDS: -------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT operating system, version 3.1 - Microsoft Windows NT Advanced Server, version 3.1 -------------------------------------------------------------- SYMPTOMS ======== When downlevel servers (LAN Manager 2.x machines) are created as members of a Windows NT Domain, their machine accounts are members of the Servers Global group and the Domain Users Global group. CAUSE ===== When NET ACCOUNTS /ROLE:BACKUP is invoked, LAN Manager server adds this account and makes it a member of Servers group. It should also remove it from Users group. The account causes no problems: no one can use it because its password is machine generated. If its inclusion in Domain Users is undesirable, the NT administrator can simply change its primary group to Servers and then remove it from Users. Netlogon will still work. RESOLUTION ========== This is by design. There is no real problem with the account being a member of Users. MORE INFORMATION ================ Steps to Reproduce Behavior --------------------------- NOTE: Two machines are required for this procedure. 1. On machine A, run Windows NT Advanced Server as a primary domain controller (PDC). 2. On machine B, run OS/2 and LAN Manager 2.2 as a backup domain controller (BDC) in the same domain as machine A. 3. On machine A, start the User Manager for domains. Notice that machine B is listed in the Main User list. 4. Double-click the Machine account so that the properties dialog box of that account is displayed. 5. Click Groups. Notice that the Machine account is a member of the Servers Global group and the Domain Users Global group. Additional reference words: 3.10 KBCategory: KBSubCategory: ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 1993.