What Is The Computer Equivalent of Authenticated Users?
When working in Microsoft Active Directory using tools like Group Policy Editor, you may run into a situation in which you need to use an ALL COMPUTERS group.
Fear not, the AD group of all computers is called DOMAIN COMPUTERS.
This account is particularly handy when GPO Filtering.
Authenticated Users vs Everyone Group
When it comes to users if you want to set something to apply to all users, you can normally use AUTHENTICATED USERS or you can make the mistake of using EVERYONE. Both are build in groups but there is a critical different difference.
From Windows Server 2003 on, EVERYONE includes AUTHENTICATED USERS + the GUEST account + the ANONYMOUS account.
Here is the hair splitting details if you care:
Authenticated Users | Everyone | |
All Users in the Domain | Yes | Yes |
All Users in the Forest | Yes | Yes |
All Users in Trusted Forests & Domains | Yes | Yes |
Anonymous | No | Only on old Windows 2000 AD and on Windows XP. Not included on Windows Server 2003 AD and on Windows XP SP2 or newer |
Guest | Only on Windows 2000 Active Directory & WinXP – Guest is NOT included in Server 2003 AD, WinXP SP2 or newer Authenticated Users | Yes |
Can’t find Authenticated Users Group in Active Directory Users and Computers
That is correct. Authenticated users is a “special group” which does not appear in the Active Directory Users and Computers.
Here is a complete list of all special AD groups with a link to the Microsoft page explaining what they do:
- Anonymous Logon
- Authenticated Users
- Batch
- Creator Group
- Creator Owner
- Dialup
- Digest Authentication
- Enterprise Domain Controllers
- Everyone
- Interactive
- Local Service
- LocalSystem
- Network
- Network Service
- NTLM Authentication
- Other Organization
- Principal Self
- Remote Interactive Logon
- Restricted
- SChannel Authentication
- Service
- Terminal Server User
- This Organization
- Window Manager\Window Manager Group
0 Comments