-
February 24th, 2005, 09:56 PM
#1
Authenticated Users vs Domain Users!
I need some idea on this. I'm going throw my Local Security Setting on some my server when I noticed that the setting were not the same. In the Policy "Access this computer form the network" and some NTFS permission, some servers restrict the access to Authenticated Users build-in group and some restrict it using Domain Users build-in group! Witch one is the best?
I'm thinking Authenticated Users might be better since it a group that include all my 3 domains users instead of adding each domain to the security policy but I would like to get feedback from AO community.
Thank.
-
February 24th, 2005, 11:52 PM
#2
Authenticated users should basically replace anywhere where you used to have "everyone"...
Authenticated users includes any account that has authenticated, including computer accounts (which are often overlooked) for example...
Ammo
Credit travels up, blame travels down -- The Boss
-
February 25th, 2005, 02:19 AM
#3
Senior Member
Yeah, Domain Users covers USERS of that Domain. I can almost gurantee the Administrator account isnt in the Domain Users group, its in the Domain Admins group...
Whereas, Authenticated Users (definietly replace all occurances of Everyone) covers every user aslong as they have been Authenticated....
-
February 25th, 2005, 02:47 AM
#4
Originally posted here by Double//Cut
Yeah, Domain Users covers USERS of that Domain. I can almost gurantee the Administrator account isnt in the Domain Users group, its in the Domain Admins group...
Whereas, Authenticated Users (definietly replace all occurances of Everyone) covers every user aslong as they have been Authenticated....
Domain Users include ALL account from the domaine including all Admin Account.
-
February 25th, 2005, 05:47 AM
#5
Senior Member
Originally posted here by SDK
Domain Users include ALL account from the domaine including all Admin Account.
Actually, not necessarily. By default all users are set to 'Primary Group: Domain Users', but if you change a users Primary Group to something else, you can remove the user from 'Domain Users'... not really sure why you would wanna do that though.. but you could.. heh.. !
So I guess 'Authenticated Users' is a safer bet.
-
February 25th, 2005, 05:56 AM
#6
A Domain administrator is not an Administrator. The Domain Admin has local Admin privileges on all machines in the domain as well as access to join new machines to the domain and create new accounts in the domain, etc. You can still have regular admin accounts which do not have these 'Domain' rights. The authenticated users will include, as stated machines, as well as local and domain accounts. Domain users are for users who have authed against the/a DC. So generally a network resource that was restricted to users whose machines were joined to the Domain (therefore affected by domain Group Policy), might use Domain Users, but you might use Authenticated users for just a public share on the local machine that didnt neccesarily require the accessing machine to be in the domain, but you just didnt want to use the Everyone access.
-Maestr0
\"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier
-
February 25th, 2005, 02:22 PM
#7
Also, if you want to grant access to all domain workstations to a share (you may need this when using a process running as SYSTEM) there is also a Domain Computers group that can be used for this purpose.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|