A user (or user account) is a security principle that allows an individual to log on to a computer or network. The two kinds of user accounts in WS2003-based networks are:

Local user account

Enables a user to log on to a standalone server to access resources on that computer. Local users are stored on the computer on which they are created in the computer’s local security database. Local users can’t be created on domain controllers, but they can be created on member servers belonging to a domain.

Domain user account

Enables a user to log on to a domain to access resources on computers in the domain. Domain users are domainwide in scope and are stored within Active Directory. Domain user accounts are internally identified within Active Directory by their security identifier. If you delete an account and create a new account with the same name, it will have a different SID than the deleted account.

Built-in Accounts

In addition, a number of built-in user accounts are created when WS2003 is installed:


An account that has full administrative rights for the domain or computer.


An account used to grant temporary access to network resources in the domain or computer. This account is disabled by default and should be enabled only when needed.

On a member server or client computer, the Administrator and Guest accounts are local user accounts and are stored in the local security database. For example, the Administrator account on a member server has ...

Get Windows Server 2003 in a Nutshell now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.