Re: windows new users?

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Sooner or later you *will* have problems with your Server 2003 installation if you remove these groups, you will have problems with many of your server tools if the Authenticated Users group is not present. With the ever increasing push to secure and lock down machines those without the Authenticated Users group will hit into a brick wall! On Vista and Server 2008 removing the Authenticated users may prevent Explorer.exe from starting. On Windows XP some remote services will not work, for example you will not be able to receive remote assistance if you remove the Authenticated Users group. This Authenticated Users group was created to plug security holes with the Null Sessions, see here for more explanations:

http://www.microsoft.com/msj/0299/security/security0299.aspx
Security Briefs Q&A, MSJ February 1999

John

cscw wrote:
hi

[Quote]
The Authenticated Users group is the same as the Everyone group except it >does not contain anonymous users.
[end quote]

http://tinyurl.com/l5m8bv

John

Are you sure? I want to know WHY microsoft is configuring that that 2 type of users(which look a group since it is named as "authenticated users"/"interactive" but is actually just some security principal USER) to login to the system?

From your answers abv, Isn't it a big security bug(because those are actually "everyone") if your explaination is true?

[quote]
logons. Which applications do users use that requires users to be
members of these security principals? If you aren't a member of these
groups you cannot use Winlogon.exe and you cannot logon to the computer! [end quote]


From your answer abv, after they use winlogon.exe to login, which application are they trying to use? WHY microsoft are MAKING them to logon BY DEFAULT?? isn't that a SECURITY BUG because microsoft some "unauthorised users" to logon by default??

PS: I have already told you that all real users accounts still can login even these 2 accounts are deleted away.

Can some windows experts help to advise?

Thanks for the help.

.

Relevant Pages

  • Re: windows new users?
    ... Sorry, my mistake, they are members of the "Users" group. ... These accounts are on all my XP machines, they're not a result of virus activity. ... It appear as a username and not a group although it is named "userS" in the account name and they are security principal identifier accounts.. ... With the ever increasing push to secure and lock down machines those without the Authenticated Users group will hit into a brick wall! ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: Authenticated Users
    ... the Domain Admins is not a good thing, ... We found the authenticated users group being a member of the Domain ... Can any body shed any light on this, and also is this security risk? ...
    (microsoft.public.windows.server.active_directory)
  • Re: Authenticated Users
    ... I agree with the other guys having authenticated users group has members of the Domain Admins is not a good thing, and represents security issues for all FOREST. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Distribution List Changes
    ... Can you double check double click the DL, go to security tab, advanced ... Check to see who has "Write member" permissions. ... James Chong (MVP) ... enable him to read the group only via the Authenticated Users group. ...
    (microsoft.public.exchange.admin)
  • RE: Cant set Local Security policies. They fail to save
    ... predefined Security Template on SBS 2003 to restore security groups ... run "gpupdate.exe /force" under command prompt to force the policy ... reboot the Server to test. ... and then logon to client computer to test if user can save system logs. ...
    (microsoft.public.windows.server.sbs)