Re: Purpose of "Authenticated Users"

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 06/21/05

  • Next message: Joe Richards [MVP]: "Re: Purpose of "Authenticated Users"" 
    Date: Mon, 20 Jun 2005 17:11:39 -0700

    Will, that is all situational as far as AU use in policy values.
    What I referred is the use of AU as the default grant for Read
    and Apply in the security settings on GPOs, meaning that there
    is no security group filtering restricting GPOs from being applied
    to all accounts (users and machines). 

    -- 
Roger Abell
Microsoft MVP (Windows  Security)
"Will" <DELETE_westes@earthbroadcast.com> wrote in message
news:1oOdnbRdkf930CrfRVn-uw@giganews.com...
> Where are the security rules in the group policy where authenticated users
> either should or must appear?
>
> -- 
> Will
> Internet: westes AT earthbroadcast.com
>
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:OSlgcEKdFHA.2212@TK2MSFTNGP14.phx.gbl...
> > Let me try to summarize and perhaps add a slant.
> > You are very close in the comment that AU is like a DU of all Domains,
> > but DU does not have to have all user accounts and AU also includes
> > Domain Computers members (i.e. the machinename$ accounts in the
> > default SAM naming for them).  As was said, if an account authenticated
> > its token get the AU SID (whether user or computer).
> > When going off-box in a domain System appears as domain\machinename$
> > of the domain to which it is joined.
> > AU has broad read access to pretty much most of the objects in AD.  AU
is
> > the default principal used to filter GPO application.  AU in default
> > scenarios
> > is a member of machine local Users groups, effectively making machine
> local
> > Users not meaningfully different from AU in those scenarios.
> > AU is fairly simply purged from a member, but not from AD.
> >
> > -- 
> > Roger Abell
> > Microsoft MVP (Windows  Security)
> >
> > "Will" <DELETE_westes@earthbroadcast.com> wrote in message
> > news:uvW3tiDdFHA.2124@TK2MSFTNGP14.phx.gbl...
> > > What is the purpose of the predefined "Authenticated Users" group?
Is
> > > this simply a shorthand for Domain Users *across all* domains?
> > >
> > > -- 
> > > Will
> > > Internet: westes AT earthbroadcast.com
> > >
> > >
> > >
> >
> >
>
>
  • Next message: Joe Richards [MVP]: "Re: Purpose of "Authenticated Users""

    Relevant Pages

    • Re: Windows 2000 users accounts get locked out
      ... I have disabled my accounts lockout policy in my ... >account logon events enabled in Domain Security Policy ... and Domain Controller ...
      (microsoft.public.win2000.security)
    • Re: xp home connectivity
      ... check the settings on local policy ... Look for policy named: "Network Access: ... Sharing and security model for local accounts". ...
      (microsoft.public.security)
    • Re: Deny Log on Locally to some accounts through GPO
      ... This policy setting supersedes the Allow log on locally ... If you apply this security policy to the Everyone group, ... accounts reside... ... Microsoft Windows XP Operating System Group Policy Result tool ...
      (microsoft.public.windows.server.active_directory)
    • Re: How can I stop renewing the password every 2 weeks........
      ... local policy security options you will find a accounts ... wherein is the setting you need to adjust. ...
      (microsoft.public.win2000.security)
    • Re: Unable to unlock peer group members accounts
      ... Were they able to manage the user's accounts before and for the same exact ... If a user is a member of privileged groups such as administrators, ... not inherit security settings from parent in advanced page of security ...
      (microsoft.public.windows.server.security)