Who is included in the authenticated users group

Download Microsoft Edge More info. Contents Exit focus mode. Applies to: Windows Server R2 Original KB number: Summary If you, as the administrator, delete one of the memberships of a special group, such as Authenticated Users, from a Built-in Domain Local Users group on a domain controller in Windows, you cannot readd the group by using the Active Directory Users and Computers tool.

Is this page helpful? Yes No. This group includes all domain controllers in an Active Directory forest. Domain controllers with enterprise-wide roles and responsibilities have the Enterprise Domain Controllers identity. This identity allows them to perform certain tasks in the enterprise by using transitive trusts.

All interactive, network, dial-up, and authenticated users are members of the Everyone group. This special identity group gives wide access to system resources. Whenever a user logs on to the network, the user is automatically added to the Everyone group. Any user who is logged on to the local system has the Interactive identity. This identity allows only local users to access a resource. Whenever a user accesses a given resource on the computer to which they are currently logged on, the user is automatically added to the Interactive group.

The Local Service account is similar to an Authenticated User account. The Local Service account has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard your system if individual services or processes are compromised. Services that run as the Local Service account access network resources as a null session with anonymous credentials. This account does not have a password. This is a service account that is used by the operating system.

The LocalSystem account is a powerful account that has full access to the system and acts as the computer on the network. If a service logs on to the LocalSystem account on a domain controller, that service has access to the entire domain. Some services are configured by default to log on to the LocalSystem account.

The Authenticated Users group includes all users whose identities were authenticated when they logged on. This includes local user accounts as well as all domain user accounts from trusted domains.

A Guest account is a built-in account on a Windows system that is disabled by default. If enabled, it allows anyone to login without a password. Contrary to popular belief, anyone who is logged in anonymously—that is, they did not authenticate—will NOT be included in the Everyone group. When it comes to permissions, one critical question we need to be able to answer is: which humans have access to a particular resource? So if the file system is NTFS and Mike is denied write privilege's in one group then he should be denied write privilege's in all groups because a deny overrides an allow.

So it won't matter what access Mike is given from the pseudo group Authenticated Users if the Deny box is checked in the Users group for write or whatever else.

I get your point of why doesn't it show all groups and can't answer that more than other have, but at least you known someone won't have a certain permission by using deny. Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group.

Create a free Team What is Teams? Learn more. Windows groups and permissions: Authenticated Users group meaning Ask Question. Asked 8 years, 4 months ago. Active 6 months ago. Viewed 81k times. Improve this question. Excuse my ignorance, but why can't the command net know that mike also belongs to another group? The plural in "Local Group Memberships" makes me think it should be able to see all groups to which mike belong.

That's exactly my point, it should list all groups but it doesn't!