Re: Difference between a USER and an AUTHENTICATED USER

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 07/08/05

    Date: Fri, 8 Jul 2005 15:40:26 -0500
    
    

    Any user that authenticates to your computer becomes a member of the special
    group authenticated users, which is also a member of the users group. You can
    use whoami or gpresult to see all the groups that a logged on user is a
    member of. You cannot control membership of the authenticated users group
    while you can control membership of the users group. In general I would
    leave membership of the users group alone at default levels and instead
    create new groups if you want to restrict access to resources. I don't see
    an advantage of using one over the other when you want to grant
    permissions/privileges to a broad group if the users group membership is not
    messed with. However, for instance, it is possible to add the guest account to
    the users group [don't ask me why anyone would want to do such!]. Because of
    that, many security guides recommend giving permissions to authenticated
    users instead of users.

    The main thing to consider is to avoid giving permissions to "everyone".
    Everyone includes, well, everyone, including the guest account and anonymous
    logon. If you use authenticated users you will be sure to not allow access
    to the guest account or anonymous logon. If the guest account becomes
    enabled on a computer then any network user can access shares that include
    permissions for the everyone group for both the share and NTFS. --- Steve

    http://www.microsoft.com/technet/security/default.mspx --- TechNet
    Security link.

    "Bill Tkach" <bill.tkach@iwafibp.ca> wrote in message
    news:uT1KiX%23gFHA.2840@tk2msftngp13.phx.gbl...
    >I assume that if you are a USER, are you not already an AUTHENTICATED USER?
    >
    > Can someone tell me the difference between these two groups? Why I would
    > use one over the other?
    > Thanks!
    >
    > --
    > bill
    > visual.eyes@telus.net
    >
    >
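
    An added example, not part of the original thread: one way to check a machine for the conditions the reply describes, namely folders with explicit NTFS grants to Everyone, ANONYMOUS LOGON or Guests, and whether the Guest account is enabled or has been added to the Users group. It assumes Windows PowerShell 5.1 or later on a standalone or member machine; the `$Path` default is a hypothetical folder, and share-level permissions need a separate check.

```powershell
# Added example (not from the original post). $Path is a hypothetical folder.
param([string]$Path = 'C:\Shares')

# Well-known SIDs; matching on SIDs avoids localized group names.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'ANONYMOUS LOGON'
    'S-1-5-32-546' = 'BUILTIN\Guests'
}
$sidType = [System.Security.Principal.SecurityIdentifier]

# 1. Explicit (non-inherited) Allow ACEs for those principals under $Path.
$folders = @(Get-Item -LiteralPath $Path) +
           @(Get-ChildItem -LiteralPath $Path -Recurse -Directory -ErrorAction SilentlyContinue)
$findings = foreach ($folder in $folders) {
    $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }   # skip folders whose ACL cannot be read
    # Request SIDs ($sidType); $true = explicit ACEs, $false = no inherited ACEs.
    foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $folder.FullName
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
            }
        }
    }
}
$findings | Format-Table -AutoSize

# 2. Is the built-in Guest account (RID 501) enabled, and is it in BUILTIN\Users?
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
$guestInUsers = Get-LocalGroupMember -SID 'S-1-5-32-545' |
    Where-Object { $_.SID.Value -eq $guest.SID.Value }
[pscustomobject]@{
    GuestEnabled = $guest.Enabled
    GuestInUsers = [bool]$guestInUsers
}
```

    Any row in the first table is a candidate for replacing the grant with Authenticated Users (S-1-5-11) or a purpose-built group.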

