diff --git a/WindowsServerDocs/identity/ad-ds/manage/understand-security-groups.md b/WindowsServerDocs/identity/ad-ds/manage/understand-security-groups.md index ca7ffbb47b..a3f8fb5242 100644 --- a/WindowsServerDocs/identity/ad-ds/manage/understand-security-groups.md +++ b/WindowsServerDocs/identity/ad-ds/manage/understand-security-groups.md @@ -112,7 +112,6 @@ The following list provides descriptions of the default groups that are located - [Cloneable Domain Controllers](#cloneable-domain-controllers) - [Cryptographic Operators](#cryptographic-operators) - [Denied RODC Password Replication](#denied-rodc-password-replication) -- [Device Owners](#device-owners) - [DHCP Administrators](#dhcp-administrators) - [DHCP Users](#dhcp-users) - [Distributed COM Users](#distributed-com-users) @@ -364,24 +363,6 @@ This security group includes the following changes since Windows Server 2008: |Safe to delegate management of this group to non-service admins?|| |Default user rights|None| -### Device Owners - -When the Device Owners group has no members, we recommend that you don't change the default configuration for this security group. Changing the default configuration might hinder future scenarios that rely on this group. The Device Owners group currently isn't used in Windows. - -The Device Owners group applies to the Windows Server OS in [Default AD security groups](#default-ad-security-groups). - -|Attribute|Value| -|--- |--- | -|Well-known SID/RID|S-1-5-32-583| -|Type|Builtin Local| -|Default container|CN=Builtin, DC=\, DC=| -|Default members|None| -|Default member of|None| -|Protected by AdminSDHolder?|No| -|Safe to move out of default container?|You can move the group, but we don't recommend it| -|Safe to delegate management of this group to non-service admins?|No| -|Default user rights|[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight

[Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight

[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege

[Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege| - ### DHCP Administrators Members of the DHCP Administrators group can create, delete, and manage different areas of the server's scope. This includes the rights to back up and restore the Dynamic Host Configuration Protocol (DHCP) database. Even though this group has administrative rights, it isn't part of the Administrators group because this role is limited to DHCP services.