none
authenticated users

Answers

  • Hi,


    This is a built-in group that cannot be modified.  By definition : Any user, except a user of the Guest account, who is authenticated locally by a trusted domain controller. This identity provides users with the rights necessary to operate the system as an end user. (The Guest account is never treated as an Authenticated User.)

                                 

    Authenticated Users is available when applying permissions directly to an object, or can be placed in Local computer groups.  Authenticated Users cannot be added as a member to another user created domain groups (Global, Domain Local, or Universal).  However, the Authenticated User group can be added to the Built-in Domain Local groups.

     

    When working with domain user accounts and local user accounts remember that the local user accounts will also be members of Authenticated Users, and will therefore have access to local resources secured with this permission.  However, the scope of the local user accounts’ access will not extend onto remote computers via the Authenticated Users group.  This is because while the local user account includes the SID for the Authenticated User group, the local user must still authenticate to any remote computer prior to access being granted.

     

    Because Authenticated Users automatically includes all domain user accounts from all current and future trusted domains it is considered the most administrator friendly, allowing a good balance between security and future needs or changes.


    Regards from www.windowsadmin.info [If this answer helps you to resolve the issue, please click the "Mark as Answer" or "Helpful" button at the top of this message. This will help others to find the answers faster]


    ManuPhilip
    Wednesday, December 30, 2009 9:28 AM
  •  By definition the Authenticated Users group contains only users who have authenticated to the domain or a domain that is trusted by the computer domain.  For this reason it is generally thought of as the sum of all Domain User groups the computer’s domain has a trust with.  However, Authenticated Users will contain all manually created user accounts in all trusted domains regardless of whether they are a member of the Domain Users group or not.  Authenticated Users specifically does not contain the built-in Guest account, but will contain other users created and added to Domain Guests.

                                 

    The SID for Authenticated Users is S-1-5-11.  Authenticated Users is available when applying permissions directly to an object, or can be placed in Local computer groups.  Authenticated Users cannot be added as a member to another user created domain groups (Global, Domain Local, or Universal).  However, the Authenticated User group can be added to the Built-in Domain Local groups. The below KB defines the Group


    http://support.microsoft.com/kb/143474

    Wednesday, December 30, 2009 9:26 AM

All replies

  •  By definition the Authenticated Users group contains only users who have authenticated to the domain or a domain that is trusted by the computer domain.  For this reason it is generally thought of as the sum of all Domain User groups the computer’s domain has a trust with.  However, Authenticated Users will contain all manually created user accounts in all trusted domains regardless of whether they are a member of the Domain Users group or not.  Authenticated Users specifically does not contain the built-in Guest account, but will contain other users created and added to Domain Guests.

                                 

    The SID for Authenticated Users is S-1-5-11.  Authenticated Users is available when applying permissions directly to an object, or can be placed in Local computer groups.  Authenticated Users cannot be added as a member to another user created domain groups (Global, Domain Local, or Universal).  However, the Authenticated User group can be added to the Built-in Domain Local groups. The below KB defines the Group


    http://support.microsoft.com/kb/143474

    Wednesday, December 30, 2009 9:26 AM
  • Hi,


    This is a built-in group that cannot be modified.  By definition : Any user, except a user of the Guest account, who is authenticated locally by a trusted domain controller. This identity provides users with the rights necessary to operate the system as an end user. (The Guest account is never treated as an Authenticated User.)

                                 

    Authenticated Users is available when applying permissions directly to an object, or can be placed in Local computer groups.  Authenticated Users cannot be added as a member to another user created domain groups (Global, Domain Local, or Universal).  However, the Authenticated User group can be added to the Built-in Domain Local groups.

     

    When working with domain user accounts and local user accounts remember that the local user accounts will also be members of Authenticated Users, and will therefore have access to local resources secured with this permission.  However, the scope of the local user accounts’ access will not extend onto remote computers via the Authenticated Users group.  This is because while the local user account includes the SID for the Authenticated User group, the local user must still authenticate to any remote computer prior to access being granted.

     

    Because Authenticated Users automatically includes all domain user accounts from all current and future trusted domains it is considered the most administrator friendly, allowing a good balance between security and future needs or changes.


    Regards from www.windowsadmin.info [If this answer helps you to resolve the issue, please click the "Mark as Answer" or "Helpful" button at the top of this message. This will help others to find the answers faster]


    ManuPhilip
    Wednesday, December 30, 2009 9:28 AM
  • Here's a User and Group accounts table where indicates description, default members and aplicability.

    http://technet.microsoft.com/en-us/library/dd277461.aspx

    Hope it helps.


    MCSA, CompTIA Security+
    Thursday, September 02, 2010 9:31 AM