Re: windows new users?

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

I can't be much more specific than that. Anyone who logs on locally is automatically a member of the the interactive group, remove this account and no one will be able to logon locally.

Anyone who logs on to a domain controller (except guests) is automatically a member of the the interactive group, remove this account and no one will be able to logon to the domain.

I'm not 100% whether or not the Authenticated group is in play for local logons. Which applications do users use that requires users to be members of these security principals? If you aren't a member of these groups you cannot use Winlogon.exe and you cannot logon to the computer!

John

cscw wrote:
Hi

Thanks for the respond. However, I need the answer to be specific. Which programs/appplication did these users use? which users are from these 2 groups? If there are too many, just list a few examples.

Are this "authenticated users" and "interactive" users refering to other security principal identifiers or those real users added by the administrator? Are they really nessesary?

Can the microsoft windows experts(or best, some microsoft windows service packs developers) help to advise me on this?

PS: I have encounter this problem on windows server 2003 sp2 too. I have already deleted them away (b4 writing my 1st post)but didn't encounter any problems logging in.

Thanks for the help.

"John John - MVP" wrote:


http://support.microsoft.com/KB/243330
Well-known security identifiers in Windows operating systems


John John - MVP wrote:
SID: S-1-5-11
Name: Authenticated Users
Description: A group that includes all users whose identities were authenticated when they logged on. Membership is controlled by the operating system.

SID: S-1-5-4
Name: Interactive
Description: A group that includes all users that have logged on interactively. Membership is controlled by the operating system.

John

cscw wrote:
hi

After installing windows xp sp2, I found 2 new users appear in the "users" account group. "NT Authority\Authenticated Users(S-1-5-11) and "NT Authority\INTERACTIVE(S-1-5-4).

Are they suppose to be there(or have I encounter some viruses)? What are the purposes?

Thanks for helping.
.

Relevant Pages

  • Re: sp_revoke login is not working as expected.
    ... EXEC xp_logininfo 'MyDomain\SomeUserAccount','members' ... Try specifying a group member rather than the group. ... This should list the Windows groups the user can connect with. ... connect with the non-existing login. ...
    (microsoft.public.sqlserver.security)
  • Re: windows new users?
    ... the Authenticated Users group and the Interactive Users group are added to the Users group on Windows Server 2003 computers. ... A member of the Interactive Users group, whose credentials are trusted, can log on to the server interactively. ... automatically a member of the the interactive group, remove this account and no one will be able to logon locally. ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: Role of current windows login user
    ... as Windows based 'roles' are mapped to "Windows security group" ... generic member of a sales department. ... |> opens the resource, this is the task of the OS and not the ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: KRB Error
    ... I'm heading out the door for the day, but there is something tickling the back of my brain about differences with Authenticated Users from Windows 2000 to 2003. ... server of Domain A) as an Domain Administrator. ... Member servers on Domain A cannot access resources on Domain B. ...
    (microsoft.public.win2000.active_directory)
  • Re: Egg Head Cafe Is SPAMMING This News Group!
    ... You are required to be a member to post replies. ... After logging in or becoming a member, you will be redirected back to this page. ... Is legal my WINDOWS vISTA SOFTWEAR? ...
    (microsoft.public.windows.vista.general)