Difference between a USER and an AUTHENTICATED USER

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

I assume that if you are a USER, are you not already an AUTHENTICATED USER?

Can someone tell me the difference between these two groups? Why I would
use one over the other?
Thanks!

--
bill
visual.eyes@telus.net

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Any user that authenticates to your computer becomes a member of the special
group authenticated users which is also a member of the users group. You can
use whoami or gpresult to see all the groups that a logged on users is a
member of. You can not control membership of the authenticated users group
while you can control membership to the users group. In general I would
leave membership of the users group alone at default levels and instead
create new groups if you want to restrict access to resources. I don't see
an advantage of using one over the other when you want to grant
permissions/privileges to a broad group if the user group membership is not
messed with. However for instance it is possible to add guest account to the
users group [don't ask me why anyone would want to do such!]. Because of
that many security guides recommend giving permissions to authenticated
users instead of users.

The main thing to consider is to avoid giving permissions to "everyone" .
Everyone includes well everyone including guest account, and anonymous
logon. If you use authenticated users you will be sure to not allow access
to guest account or anonymous logon access. If the guest account becomes
enabled on a computer then any network user can access shares that include
permissions for the everyone group for both the share and ntfs. --- Steve

http://www.microsoft.com/technet/security/default.mspx --- TechNet
Security link.

"Bill Tkach" <bill.tkach@iwafibp.ca> wrote in message
news:uT1KiX%23gFHA.2840@tk2msftngp13.phx.gbl...
>I assume that if you are a USER, are you not already an AUTHENTICATED USER?
>
> Can someone tell me the difference between these two groups? Why I would
> use one over the other?
> Thanks!
>
> --
> bill
> visual.eyes@telus.net
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

"" wrote:
> I assume that if you are a USER, are you not already an
> AUTHENTICATED USER?
>
> Can someone tell me the difference between these two groups?
> Why I would
> use one over the other?
> Thanks!
>
> --
> bill
> visual.eyes@telus.net

The users group is somehow a static group and to be precise a domain
local group and specific to a domain. By default domain users global
group is a member of the users domain local group and each user by
default has the domain users global groups ac its primary group. All
of the above specific to a domain.

The authenticated users is a computed group which it does not have
members. During authenticatoin by a DC this group is added to the
security token. If you are authenticated by a DC in domain A and in
domain B the authenticated users have permissions assigned the user
from domain A can access the resource in domain b. The authenticated
users is also a member of users so the end result will be the same.
Permissions omst of the time are assigned to authenticated users and
not to the users group

Cheers,

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Security-Difference-USER-AUTHENTICATED-USER-ftopict554685.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1761878

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

I'll take a crack at the critical difference, briefly.

A "user" is a member of the Users group, which you control and
is exactly what you see when you look at the groups membership.

An "authenticated user" is any account that has been authenticated
(i.e. logged in with credentials) anywhere in the forest.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Bill Tkach" <bill.tkach@iwafibp.ca> wrote in message
news:uT1KiX%23gFHA.2840@tk2msftngp13.phx.gbl...
> I assume that if you are a USER, are you not already an AUTHENTICATED
USER?
>
> Can someone tell me the difference between these two groups? Why I would
> use one over the other?
> Thanks!
>
> --
> bill
> visual.eyes@telus.net
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

That makes it clearer.
So, if someone logs on to the domain, they are automatically assigned to the
Authenticated Users group.
This might not be so for the user group, since the people in this group are
assigned by the administrator.

That helps a lot.
thank you.


"Bill Tkach" <bill.tkach@iwafibp.ca> wrote in message
news:uT1KiX%23gFHA.2840@tk2msftngp13.phx.gbl...
>I assume that if you are a USER, are you not already an AUTHENTICATED USER?
>
> Can someone tell me the difference between these two groups? Why I would
> use one over the other?
> Thanks!
>
> --
> bill
> visual.eyes@telus.net
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

"Bill Tkach" <bill.tkach@iwafibp.ca> wrote in message
news:%23iE55j%23hFHA.720@TK2MSFTNGP14.phx.gbl...
> That makes it clearer.
> So, if someone logs on to the domain, they are automatically assigned to
the
> Authenticated Users group.

yes

> This might not be so for the user group, since the people in this group
are
> assigned by the administrator.

yes - and similarly for Domain Users

but - they do not have to log into the domain to be an
Authenticated Users "member" - they only need to log
into some domain of the forest.


>
> That helps a lot.
> thank you.
>
>
> "Bill Tkach" <bill.tkach@iwafibp.ca> wrote in message
> news:uT1KiX%23gFHA.2840@tk2msftngp13.phx.gbl...
> >I assume that if you are a USER, are you not already an AUTHENTICATED
USER?
> >
> > Can someone tell me the difference between these two groups? Why I
would
> > use one over the other?
> > Thanks!
> >
> > --
> > bill
> > visual.eyes@telus.net
> >
> >
>
>