3.1.1.11 Server Access Control List

The server MUST maintain an access control list for authorizing clients to make calls to the server. Authorization is based on whether or not a client is granted STANDARD_RIGHTS_READ. The default configuration of this access control list depends on whether or not the server is a domain controller, per the following table:

Role

Default Server access control list

Non-DC

STANDARD_RIGHTS_READ is granted to BuiltIn\Administrators.

DC

STANDARD_RIGHTS_READ is granted to all clients.