Difference between a USER and an AUTHENTICATED USER

Archived from groups: microsoft.public.win2000.security (More info?)

I assume that if you are a USER, are you not already an AUTHENTICATED USER?

Can someone tell me the difference between these two groups? Why I would
use one over the other?
Thanks!

--
bill
visual.eyes@telus.net
5 answers Last reply
More about difference user authenticated user
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Any user that authenticates to your computer becomes a member of the special
    group authenticated users which is also a member of the users group. You can
    use whoami or gpresult to see all the groups that a logged on users is a
    member of. You can not control membership of the authenticated users group
    while you can control membership to the users group. In general I would
    leave membership of the users group alone at default levels and instead
    create new groups if you want to restrict access to resources. I don't see
    an advantage of using one over the other when you want to grant
    permissions/privileges to a broad group if the user group membership is not
    messed with. However for instance it is possible to add guest account to the
    users group [don't ask me why anyone would want to do such!]. Because of
    that many security guides recommend giving permissions to authenticated
    users instead of users.

    The main thing to consider is to avoid giving permissions to "everyone" .
    Everyone includes well everyone including guest account, and anonymous
    logon. If you use authenticated users you will be sure to not allow access
    to guest account or anonymous logon access. If the guest account becomes
    enabled on a computer then any network user can access shares that include
    permissions for the everyone group for both the share and ntfs. --- Steve

    http://www.microsoft.com/technet/security/default.mspx --- TechNet
    Security link.

    "Bill Tkach" <bill.tkach@iwafibp.ca> wrote in message
    news:uT1KiX%23gFHA.2840@tk2msftngp13.phx.gbl...
    >I assume that if you are a USER, are you not already an AUTHENTICATED USER?
    >
    > Can someone tell me the difference between these two groups? Why I would
    > use one over the other?
    > Thanks!
    >
    > --
    > bill
    > visual.eyes@telus.net
    >
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    "" wrote:
    > I assume that if you are a USER, are you not already an
    > AUTHENTICATED USER?
    >
    > Can someone tell me the difference between these two groups?
    > Why I would
    > use one over the other?
    > Thanks!
    >
    > --
    > bill
    > visual.eyes@telus.net

    The users group is somehow a static group and to be precise a domain
    local group and specific to a domain. By default domain users global
    group is a member of the users domain local group and each user by
    default has the domain users global groups ac its primary group. All
    of the above specific to a domain.

    The authenticated users is a computed group which it does not have
    members. During authenticatoin by a DC this group is added to the
    security token. If you are authenticated by a DC in domain A and in
    domain B the authenticated users have permissions assigned the user
    from domain A can access the resource in domain b. The authenticated
    users is also a member of users so the end result will be the same.
    Permissions omst of the time are assigned to authenticated users and
    not to the users group

    Cheers,

    --
    Posted using the http://www.windowsforumz.com interface, at author's request
    Articles individually checked for conformance to usenet standards
    Topic URL: http://www.windowsforumz.com/Security-Difference-USER-AUTHENTICATED-USER-ftopict554685.html
    Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1761878
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    I'll take a crack at the critical difference, briefly.

    A "user" is a member of the Users group, which you control and
    is exactly what you see when you look at the groups membership.

    An "authenticated user" is any account that has been authenticated
    (i.e. logged in with credentials) anywhere in the forest.

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
    "Bill Tkach" <bill.tkach@iwafibp.ca> wrote in message
    news:uT1KiX%23gFHA.2840@tk2msftngp13.phx.gbl...
    > I assume that if you are a USER, are you not already an AUTHENTICATED
    USER?
    >
    > Can someone tell me the difference between these two groups? Why I would
    > use one over the other?
    > Thanks!
    >
    > --
    > bill
    > visual.eyes@telus.net
    >
    >
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    That makes it clearer.
    So, if someone logs on to the domain, they are automatically assigned to the
    Authenticated Users group.
    This might not be so for the user group, since the people in this group are
    assigned by the administrator.

    That helps a lot.
    thank you.


    "Bill Tkach" <bill.tkach@iwafibp.ca> wrote in message
    news:uT1KiX%23gFHA.2840@tk2msftngp13.phx.gbl...
    >I assume that if you are a USER, are you not already an AUTHENTICATED USER?
    >
    > Can someone tell me the difference between these two groups? Why I would
    > use one over the other?
    > Thanks!
    >
    > --
    > bill
    > visual.eyes@telus.net
    >
    >
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    "Bill Tkach" <bill.tkach@iwafibp.ca> wrote in message
    news:%23iE55j%23hFHA.720@TK2MSFTNGP14.phx.gbl...
    > That makes it clearer.
    > So, if someone logs on to the domain, they are automatically assigned to
    the
    > Authenticated Users group.

    yes

    > This might not be so for the user group, since the people in this group
    are
    > assigned by the administrator.

    yes - and similarly for Domain Users

    but - they do not have to log into the domain to be an
    Authenticated Users "member" - they only need to log
    into some domain of the forest.


    >
    > That helps a lot.
    > thank you.
    >
    >
    > "Bill Tkach" <bill.tkach@iwafibp.ca> wrote in message
    > news:uT1KiX%23gFHA.2840@tk2msftngp13.phx.gbl...
    > >I assume that if you are a USER, are you not already an AUTHENTICATED
    USER?
    > >
    > > Can someone tell me the difference between these two groups? Why I
    would
    > > use one over the other?
    > > Thanks!
    > >
    > > --
    > > bill
    > > visual.eyes@telus.net
    > >
    > >
    >
    >
Ask a new question

Read More

Security Microsoft Windows Product