3.1.1.11 Server Access Control List
The server MUST maintain an access control list for authorizing clients to make calls to the server. Authorization is based on whether or not a client is granted STANDARD_RIGHTS_READ. The default configuration of this access control list depends on whether or not the server is a domain controller, per the following table:
|
Role |
Default Server access control list |
|---|---|
|
Non-DC |
STANDARD_RIGHTS_READ is granted to BuiltIn\Administrators. |
|
DC |
STANDARD_RIGHTS_READ is granted to all clients. |