Things to consider are if you are doing a "clean" install or if you are upgrading to Windows 2000 from a Windows NT machine. According to Microsoft, the default security settings for clean-installed workstations, servers, and domain controllers can be found in the following files respectively: *defltwk.inf *defltsv.inf *defltdc.inf
In upgraded machines, the default Windows 2000 permissions for file system, registry and service objects are also applied to upgraded machines using the following files: *dwup.inf *dsup.inf *dcup.inf (NT4 DC Upgrade Only)
So this means that when upgrading, an additional INF file is used and perhaps this is where you are seeing a discrepancy.
This was first published in June 2001