Authenticated Users vs Domain Users!

Thread: Authenticated Users vs Domain Users!

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Authenticated Users vs Domain Users!

    I need some ideas on this. I was going through the Local Security Settings on some of my servers when I noticed that the settings were not the same. In the policy "Access this computer from the network" and in some NTFS permissions, some servers restrict access to the Authenticated Users built-in group and some restrict it using the Domain Users built-in group! Which one is best?

    I'm thinking Authenticated Users might be better since it's a group that includes the users of all 3 of my domains, instead of adding each domain to the security policy, but I would like to get feedback from the AO community.

    Thanks.
    -Simon "SDK"

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Authenticated users should basically replace anywhere where you used to have "everyone"...
    Authenticated users includes any account that has authenticated, including computer accounts (which are often overlooked) for example...


    Ammo
    Credit travels up, blame travels down -- The Boss

  3. #3
    Senior Member
    Join Date
    Jan 2005
    Posts
    128
    Yeah, Domain Users covers USERS of that Domain. I can almost guarantee the Administrator account isn't in the Domain Users group, it's in the Domain Admins group...

    Whereas, Authenticated Users (definitely replace all occurrences of Everyone) covers every user as long as they have been Authenticated....
    If You've Done Something Right. People Won't Know You've Done Anything At All - God (futurama)

  4. #4
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Originally posted here by Double//Cut
    Yeah, Domain Users covers USERS of that Domain. I can almost guarantee the Administrator account isn't in the Domain Users group, it's in the Domain Admins group...

    Whereas, Authenticated Users (definitely replace all occurrences of Everyone) covers every user as long as they have been Authenticated....
    Domain Users includes ALL accounts from the domain, including all Admin accounts.
    -Simon "SDK"

  5. #5
    Senior Member
    Join Date
    Apr 2004
    Posts
    157
    Originally posted here by SDK
    Domain Users includes ALL accounts from the domain, including all Admin accounts.
    Actually, not necessarily. By default all users are set to 'Primary Group: Domain Users', but if you change a user's Primary Group to something else, you can remove the user from 'Domain Users'... not really sure why you would wanna do that though.. but you could.. heh.. !
    So I guess 'Authenticated Users' is a safer bet.

  6. #6
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    A Domain administrator is not an Administrator. The Domain Admin has local Admin privileges on all machines in the domain as well as access to join new machines to the domain and create new accounts in the domain, etc. You can still have regular admin accounts which do not have these 'Domain' rights. The authenticated users will include, as stated, machines, as well as local and domain accounts. Domain users are for users who have authed against the/a DC. So generally a network resource that was restricted to users whose machines were joined to the Domain (therefore affected by domain Group Policy), might use Domain Users, but you might use Authenticated users for just a public share on the local machine that didn't necessarily require the accessing machine to be in the domain, but you just didn't want to use the Everyone access.

    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  7. #7
    Member
    Join Date
    Dec 2003
    Posts
    97
    Also, if you want to grant access to all domain workstations to a share (you may need this when using a process running as SYSTEM) there is also a Domain Computers group that can be used for this purpose.
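
An added example, not part of the original thread: one way to audit the inconsistency described in the first post is to export each server's user rights with `secedit /export /cfg <file> /areas USER_RIGHTS` and compare who holds `SeNetworkLogonRight` ("Access this computer from the network"). The server names and domain SIDs below are constructed sample data, and the function names are this example's own.

```python
import re

# Well-known SIDs and domain-relative RIDs for the groups discussed in the thread.
WELL_KNOWN = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users",
              "S-1-5-32-544": "BUILTIN\\Administrators", "S-1-5-32-545": "BUILTIN\\Users"}
DOMAIN_RIDS = {"512": "Domain Admins", "513": "Domain Users", "515": "Domain Computers"}
DOMAIN_SID = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")

def name_sid(entry):
    """Translate one entry of a [Privilege Rights] line into a readable name."""
    sid = entry.strip().lstrip("*")  # secedit prefixes SIDs with '*'
    if sid in WELL_KNOWN:
        return WELL_KNOWN[sid]
    m = DOMAIN_SID.match(sid)
    if m and m.group(2) in DOMAIN_RIDS:
        # Domain groups are per-domain: keep the domain SID so each domain is visible.
        return f"{DOMAIN_RIDS[m.group(2)]} ({m.group(1)})"
    return sid  # unknown SID, or already a plain account name

def network_logon_holders(inf_text):
    """Return the set of principals granted SeNetworkLogonRight in one export."""
    section = None
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Privilege Rights" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip() == "SeNetworkLogonRight":
                return {name_sid(e) for e in value.split(",") if e.strip()}
    return set()

def compare_servers(exports):
    """Return (principals common to all servers, per-server principals beyond those)."""
    holders = {srv: network_logon_holders(txt) for srv, txt in exports.items()}
    common = set.intersection(*holders.values()) if holders else set()
    return common, {srv: sorted(h - common) for srv, h in holders.items()}

# Constructed sample exports (not real data); the domain SID is made up.
SAMPLE = {
    "SRV-A": "[Privilege Rights]\nSeNetworkLogonRight = *S-1-5-11,*S-1-5-32-544\n",
    "SRV-B": "[Privilege Rights]\nSeNetworkLogonRight = *S-1-5-21-1111-2222-3333-513,*S-1-5-32-544\n",
    "SRV-C": "[Privilege Rights]\nSeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544\n",
}

if __name__ == "__main__":
    common, extra = compare_servers(SAMPLE)
    print("Granted on every server:", sorted(common))
    for srv, names in extra.items():
        print(f"{srv}: {names}")
```

Real secedit exports are UTF-16 encoded, so read them with `open(path, encoding="utf-16")` before passing the text in.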
