Security Identifiers for Built-In Groups Are Unresolved When Modifying Group Policy

Article translations Article translations
Article ID: 277752 - View products that this article applies to.
This article was previously published under Q277752
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all


This article discusses how some security identifiers (SIDs) for well-known built-in groups are unresolved when you modify the user rights assignment in the Default Domain Controllers Group Policy object.

More information

The preceding behavior is expected if the built-in group does not exist on the computer where the Group Policy snap-in is run.

As an example, the following SIDs can be unresolved when you modify Domain Group Policy from a Microsoft Windows 2000 Professional-based workstation because these built-in groups do not exist locally:
Builtin\Account Operators S-1-5-32-548
Builtin\Server Operators S-1-5-32-549
Builtin\Print Operators S-1-5-32-550

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
243330 Well Known Security Identifiers in Windows Server Operating Systems


Article ID: 277752 - Last Review: November 2, 2013 - Revision: 5.0
Applies to
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
kbnosurvey kbarchive kbenv kbinfo KB277752

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from