Built-In System Groups
Built-in system groups exist on Windows XP Professional
systems, and while they do have specific memberships that you
can modify, you cannot administer the groups directly. They
are available for modification only when you assign user rights and permissions to
resources. Built-in system group membership is based on how
the computer is accessed, not on who uses the computer. The
list below shows the primary built-in system groups and
their default properties and characteristics.
Built-in System Group |
Description |
---|---|
Everyone |
The Everyone group contains all of the users who access the computer. The Full Control permission is assigned to the Everyone group (and thus all the users in it) whenever there are volumes on the local system formatted with NTFS. |
Authenticated Users |
All users with valid user accounts on the local system are included in the Authenticated Users group. When your Windows XP system is a member of a domain (or multiple domains), it includes all users in the Active Directory database for that given domain. Using the Authenticated Users group for resource and system access instead of the Everyone group is a suggested best practice. |
Creator Owner |
The Creator Owner designation comes into play when a member of the Administrators group creates a resource (or takes ownership of a resource), because even though an individual member may have performed the action, the Administrators group owns the resource. |
Network |
The Network Built-in System group contains any user with a current connection from a remote system on the network to a shared resource on the local system. |
Interactive |
Members of the Interactive Built-in System group are “added” as they log on locally to the system. |
Anonymous Logon | An Anonymous Logon user account that Windows XP Professional cannot authenticate is put into this Built-in System group. |
Dialup | Users are “added” to the Dialup Built-in System group once they establish a dial-up connection to the system. |
You can set or revoke
permissions to these Built-in System groups at the resource.
(e.g. share, NTFS folder, printer, etc.)
[NOTES FROM THE FIELD] –
The Dialup Built-in System group does not appear on
systems that do not have modems installed and dial up
configurations in place.
That’s a
wrap for this week. Be sure to check back in next week for
the next article in this series.
In
the meantime, best of luck in your
studies and please feel free to contact me with any
questions on my column and remember,
“Never tell me the odds”
Jason Zandri
Jason@Zandri.net
www.2000trainers.com