Promoting domain controllers

Any member server or stand-alone server can be promoted to a domain controller using the Active Directory Installation wizard. For factors to consider before promoting a domain controller, see Checklist: Installing a domain controller.

Select the security level

To maximize security, Windows 2000 Active Directory by default does not allow accounts logged on with Anonymous access to view group memberships and other user and group information. Windows NT 4.0 did allow this degree of access. Several existing applications, including Microsoft BackOffice applications such as SQL Server and some third-party applications, depend on this type of access to function correctly.

To let you choose between the stronger security provided by Windows 2000 and the security required for legacy applications, Windows 2000 includes the built-in local security group Pre-Windows 2000 Compatible Access. Adding or removing the special group Everyone as a member of this group, and then rebooting the domain controllers in that domain, lets you operate your network either with pre-Windows 2000 security levels or with the greater security provided by Windows 2000.

To provide a clean and simple upgrade path from Windows NT, the Active Directory Installation wizard offers you the choice between Permissions compatible with pre-Windows 2000 servers, which provides the security level compatible with some pre-Windows 2000 applications, and Permissions compatible only with Windows 2000 servers. For more information about the Active Directory Installation wizard, see Install a domain controller.
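
To confirm which of the two security levels a domain is actually running at, check whether Everyone is a member of Pre-Windows 2000 Compatible Access. The PowerShell below is an added example, not part of the original documentation; the helper name Get-PreW2kFinding, the example.com sample entries, and the use of the ActiveDirectory module (which postdates Windows 2000) for live data are assumptions.

```powershell
# Added example: classify members of BUILTIN\Pre-Windows 2000 Compatible Access.
# The SIDs below are fixed well-known values; names and sample data are illustrative.
$WellKnown = @{
    'S-1-1-0'  = 'Everyone'             # the member the page describes adding or removing
    'S-1-5-7'  = 'Anonymous Logon'      # not named on the page; included as an assumption
    'S-1-5-11' = 'Authenticated Users'
}

function Get-PreW2kFinding {            # hypothetical helper name
    param([string[]]$MemberDN = @())
    foreach ($dn in $MemberDN) {
        # Well-known principals are stored as CN=<SID>,CN=ForeignSecurityPrincipals,...
        $sid = $null
        if ($dn -match '^CN=(S-1-[0-9-]+),CN=ForeignSecurityPrincipals,') {
            $sid = $Matches[1]
        }
        $name = $null
        if ($sid -and $WellKnown.ContainsKey($sid)) { $name = $WellKnown[$sid] }
        [pscustomobject]@{
            Member   = $dn
            Resolved = $name
            # Relaxed = this member opens the directory to pre-Windows 2000 style reads
            Relaxed  = ($sid -in 'S-1-1-0', 'S-1-5-7')
        }
    }
}

# Constructed sample input (example.com is a placeholder domain).
$sample = @(
    'CN=S-1-1-0,CN=ForeignSecurityPrincipals,DC=example,DC=com',
    'CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=example,DC=com',
    'CN=LegacyAppSvc,CN=Users,DC=example,DC=com'
)

$findings = @(Get-PreW2kFinding -MemberDN $sample)
$findings | Format-Table -AutoSize

if ($findings.Relaxed -contains $true) {
    Write-Warning 'Pre-Windows 2000 compatible permissions are in effect for this domain.'
} else {
    Write-Output 'Everyone is not a member: Windows 2000-only permissions.'
}

# Live data, assuming the ActiveDirectory module is installed
# (S-1-5-32-554 is the well-known SID of the group itself):
#   Get-PreW2kFinding -MemberDN (Get-ADGroup -Identity 'S-1-5-32-554' -Properties member).member
```

A membership change reported here takes effect only after the domain controllers in that domain have been rebooted, as described above.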

Note

For additional information, see: