Windows: The Difference Between Everyone and Authenticated Users groups

A very important group !

A very important group !

Okay, yes, I admit it: I didn’t know in “depth” the difference between Everyone and Authenticated Users built-in on M$ Windows groups. Here is the result of my research about this argument.

Authenticated Users encompasses all users who have logged in with a username and password.
Everyone encompasses all users who have logged in with a password as well as built-in, non-password accounts such as Guest and SERVICE, LOCAL_SERVICE, NETWORK_SERVICE.
Att.: A Guest account is a built-in account on a Windows system that is disabled by default: if enabled, it allows anyone to login without a password.

Another interesting thing: what is the difference between Guest and Anonymous logon ?

If I try to connect to a shared folder and the supplied username is not known to the server system, and the guest account is enabled, then the client will be successfully logged on as the guest account.

Anonymous access is independent of whether the guest account is enabled: like you say, it involves sending an empty username.

I.e. you can explictly try to map a drive with null credentials by typing



net use X: \\server\share /u:”” “”

Att.: To permit an anonymous account to connect to a shared foder is mandatory to enable several items in Group Policies (under Local Policies/Security Policies). Generally speaking enable Anonymous Access to a share is very dangerous: the point is that if you have anonymous connections being made to your servers, someone is deliberately trying to gather a lot of information and, maybe, read/modify/delete important files !

This entry was posted in Windows and tagged . Bookmark the permalink.