Re: Do all login users secretly belong to the Users group?

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 05/12/05

    Date: Thu, 12 May 2005 13:08:46 -0700
    
    

    No. There is nothing at all secret about membership of the Users group.
    Look at it. You will see either Authenticated Users or INTERACTIVE
    or both. An account is useless for console login if it is not a Users
    member. This is what INTERACTIVE guarantees.

    In today's world, with a default install configuration, Users is very
    little different from Everyone (if anonymous is not in Everyone).

    -- 
    Roger Abell
    Microsoft MVP (Windows  Security)
    MCSE (W2k3,W2k,Nt4)  MCDBA
    "sparky62" <sparky62@discussions.microsoft.com> wrote in message
    news:095DFEA0-C5A2-4C38-8549-D60C4E32B5A8@microsoft.com...
    > I create a new user, make it a member of the Guests group and explicitly
    > remove it from the Users group (so that the new user is a member of the
    > Guests group and no other group).
    >
    > Strangely this new user has the "effective permissions" to "read &
    > execute" a file as if it was in the Users group. This is very odd behaviour.
    >
    > My file has an ACL with "full control" ACEs for
    > SYSTEM, Administrators and CURRENT OWNER (Administrator), and a "read &
    > execute" ACE for the "Users" group (and no other ACEs).
    >
    > Also if I log on as the new user in the Guests group I can read the file
    > too.
    >
    > What is going on?
    >
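
Added example, not part of the original thread: a PowerShell audit that lists what the local Users group contains and reports which of those members the current logon's access token matches, separating explicit account membership from the implicit principals named in the reply (Authenticated Users, INTERACTIVE). It assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module, which postdates the systems discussed in the thread.

```powershell
# Added example: show how the current logon ends up in BUILTIN\Users.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

$usersSid = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-545'   # BUILTIN\Users

# Well-known SIDs placed in a token by the logon itself, not by account management
$implicit = @{
    'S-1-5-11' = 'NT AUTHORITY\Authenticated Users'
    'S-1-5-4'  = 'NT AUTHORITY\INTERACTIVE'
}

# 1. What the Users group actually contains on this machine
$members = @(Get-LocalGroupMember -SID $usersSid)
$members | Select-Object Name, SID, ObjectClass | Format-Table -AutoSize

# 2. SIDs carried by the current access token (user SID plus enabled groups)
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$tokenSids = @($identity.User.Value) + @($identity.Groups | ForEach-Object { $_.Value })

# 3. Members of Users that this token matches
$via = @($members | Where-Object { $tokenSids -contains $_.SID.Value })

if ($tokenSids -contains $usersSid.Value) {
    foreach ($m in $via) {
        $kind = if ($implicit.ContainsKey($m.SID.Value)) {
            'implicit principal added at logon'
        } else {
            'explicit membership'
        }
        '{0} holds Users access through {1} [{2}]' -f $identity.Name, $m.Name, $kind
    }
} else {
    '{0} does not carry the Users SID in its token' -f $identity.Name
}
```

Run it in a session logged on as the account under test; an account that was removed from Users by name will still report access if an implicit principal is a member.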
    
