Pre2K
Pre-Windows 2000 Compatible Access (AD Group)
- Built-in AD group used for backward compatibility.
- Group Name:
Pre-Windows 2000 Compatible Access
- SID:
S-1-5-32-554
- Grants read access over users and groups.
- Risk when broad principals (e.g., Authenticated Users / Everyone / ANONYMOUS LOGON) are members.
Pre2K Machine Account
- ADUC option: “Assign this computer account as a pre-Windows 2000 computer.”
- Sets a guessable initial machine-account password (historically = computer name) instead of random; dangerous if not rotated/reset after join.