What Is The Computer Equivalent of Authenticated Users?

domain computersWhen working in Microsoft Active Directory using tools like Group Policy Editor, you may run into a situation in which you need to use an ALL COMPUTERS group.

Fear not, the AD group of all computers is called DOMAIN COMPUTERS.

This account is particularly handy when GPO Filtering.

Authenticated Users vs Everyone Group

When it comes to users if you want to set something to apply to all users, you can normally use AUTHENTICATED USERS or you can make the mistake of using EVERYONE.  Both are build in groups but there is a critical different difference.

From Windows Server 2003 on, EVERYONE includes AUTHENTICATED USERS + the GUEST account + the ANONYMOUS account.

Here is the hair splitting details if you care:

Authenticated Users Everyone
All Users in the Domain Yes Yes
All Users in the Forest Yes Yes
All Users in Trusted Forests & Domains Yes Yes
Anonymous No Only on old Windows 2000 AD and on Windows XP. Not included on Windows Server 2003 AD and on Windows XP SP2 or newer
Guest Only on Windows 2000 Active Directory & WinXP – Guest is NOT included in Server 2003 AD, WinXP SP2 or newer Authenticated Users Yes

Can’t find Authenticated Users Group in Active Directory Users and Computers

That is correct.  Authenticated users is a “special group” which does not appear in the Active Directory Users and Computers.

Here is a complete list of all special AD groups with a link to the Microsoft page explaining what they do:


0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *