Re: Anonymous Logon and the Everyone Group

From: Roger Abell [MVP] (mvpNOSPAM@asu.edu)
Date: 12/21/02


From: "Roger Abell [MVP]" <mvpNOSPAM@asu.edu>
Date: Fri, 20 Dec 2002 21:44:28 -0700

The Everyone group has (in effect) as a subset the Users group,
which often itself has as part of it the Domain Users group.
In W2k Everyone has a more broad definition than it does in
the default config of XP and Windows .Net. In these newer
systems anonymous connections are specifically excluded from
Everyone (making it difficult to distinguish Everyone, in its
default form, from Authenticated Users). In the heritage systems
Everyone is effectively an indicator of any token that can be
used for a process, even when there is no identity. Right or not,
for the heritage systems I think of Everyone as Authenticated
Users (which includes Guest) + Anonymous User.

--
Roger
"Ed Thurber" <user@mail.com> wrote in message
news:uCX73GEqCHA.2460@TK2MSFTNGP12...
> Hello all:
>
> I have been reading a bit about a security vulnerability in W2K regarding
> the user rights associated with anonymous users.  There is one thing that
I
> would like clarified.  If a workstation/server in is part of a domain, is
> the "Everyone" group the same as the "Domain Users" group, or is it still
> possible to access a domain host from a non domain host.
>
> Ed Thurber
>
>