|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Marc Sherman (msherman
bionetrix.com)Date: Fri Jul 06 2001 - 08:51:28 CDT
> -----Original Message-----
> From: Loschiavo, Dave [mailto:DLoschiavofrcc.cc.ca.us]
>
> Can someone please explain the functional differences between
> the built-in
> groups "Users" and "Authenticated Users" in Windows 2000?
I think the built-in "Users" container is just a list of users that you, as
an administrator, may modify. The users in this container may either
currently have an authenticated connection to an AD server or not. The
"Authenticated Users" group, I believe, is *not* avaliable for you, as an
administrator, to add to or delete from directly. When an user successfully
authenticates to an AD server, ADS then places that user in the
"Authenticated Users" group. When that user's authenticated session ends,
ADS then removes that user from the "Authenticated Users" group.
The built-in "Users" container also exists for backward compatibility for
NT's User Manager for Domains. This admintool will only add a new user to
the built-in "Users" container. In fact, I think that only users in the
built-in "Users" container are available for manipulation by NT 4.0
administration tools. This container also holds old NT 4 users when
migrating an NT 4 domain to a Windows 2000 domain.
> I'd like to
> understand what practical differance there is in assigning a right or
> permission to the group "Users" instead of the group
> "Authenticated Users",
> and vice versa.
I'm not sure because normally a user's rights or permissions don't come into
play until *after* they've authenticated.
Marc Sherman
BioNetrix Inc.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]