Re: Everyone, Users, and Guests

From: Salt_Peter (salt_at_peter.mtl)
Date: 06/20/03


Date: Fri, 20 Jun 2003 03:09:40 -0400


Everyone = both authenticated and anonymous logons
Authenticated Users = users authenticated by any trusted domain (it's a
foreign security principal)
Domain Guests (is a global group) = anonymous logons (the Guest account is
disabled)
Guests (is a local group) = Used to provide anonymous access to local
resources
Domain Users (is a global group) = domain's authenticated users (a member of
Users/Builtin)
Users (is a local group) = Used to provide DU's secure permissions to local
resources (Users/Builtin if u prefer)

Users go into Global groups,
Global Groups go into Local Groups,
Local Groups are given permissions to resources.

Acronym: UGLP

Local groups can't be exported, Global groups can cross a trust relationship
and finally, it's bad Karma to give Global groups permission to resources.
That's what Local groups are for. That way the admin has control over the
contents of the group using resources on his systems.

"e-head" <ehead@nobodies.biz> wrote in message
news:14443a380aecdcbf09721fad2a0079a4@free.teranews.com...
> I'm sure I'm not the only one who has found these three groups confusing.
>
> Is the Everyone group only supposed to include authenticated users? That
> is, authenticated either on the local machine, or on a domain
> via a domain controller. Anyone who "signs on" to any workgroup or domain in
> this regard would be considered Everyone?
> And the only ones that would not be a part of this group are, say, 98 users
> who hit cancel instead of signing on the workgroup/domain.
>
> Guests are literally anyone, right? Even if the person was not
> authenticated on a domain or workgroup. So, e.g., if you wanted to run an
> anonymous ftp server and give read/write permission to everyone who came
> along, you would grant this permission to Guests?
>
> If anyone could highlight the fine points between all these groups I would
> appreciate it.
>
> Also, Everyone seems hidden in XP. He is there, I can type him in and add
> him, but he doesn't show up in the users and groups mmc.
>
>
>
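
The Users -> Global groups -> Local groups -> Permissions rule from the reply above, as an added example that is not part of the original post: a small Python model that audits a set of groups and ACLs for shortcuts around that chain and expands a resource's trustees down to user names. All group, user and path names are constructed for illustration, and group scope is simplified to "global" or "local".

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    scope: str                                   # "global" or "local"
    members: list = field(default_factory=list)  # user names or group names

# Constructed sample data; every name below is hypothetical.
GROUPS = {g.name: g for g in [
    Group("G_Accounting", "global", ["alice", "bob"]),
    Group("G_Auditors", "global", ["carol"]),
    Group("L_Ledger_Read", "local", ["G_Accounting", "G_Auditors"]),
    Group("L_Ledger_Write", "local", ["G_Accounting", "dave"]),
]}
ACLS = {  # resource -> [(trustee, right)]
    "D:\\Ledger": [("L_Ledger_Read", "read"), ("L_Ledger_Write", "write")],
    "D:\\Payroll": [("G_Accounting", "write"), ("erin", "read")],
}

def uglp_violations(groups, acls):
    """List every place where the U -> G -> L -> P chain is short-circuited."""
    findings = []
    for g in groups.values():
        if g.scope == "local":
            findings += [f"user {m} sits directly in local group {g.name}"
                         for m in g.members if m not in groups]
    for resource, aces in acls.items():
        for trustee, right in aces:
            grp = groups.get(trustee)
            if grp is None:
                findings.append(f"{resource}: {right} granted to user {trustee}")
            elif grp.scope != "local":
                findings.append(f"{resource}: {right} granted to global group {trustee}")
    return sorted(findings)

def effective_users(groups, acls, resource, right):
    """Expand the trustees holding `right` on `resource` down to user names."""
    users, seen = set(), set()
    stack = [t for t, r in acls.get(resource, []) if r == right]
    while stack:
        name = stack.pop()
        if name in seen:
            continue              # guards against circular nesting
        seen.add(name)
        if name in groups:
            stack.extend(groups[name].members)
        else:
            users.add(name)
    return users
```

On the sample data the audit reports three findings: the ACE granted to a global group, the ACE granted to a single user, and the user placed directly in a local group.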


