Built-In System Groups
Built-in system groups exist on Windows XP Professional
systems, and while they do have specific memberships that you
can modify, you cannot administer the groups directly. They
are available for modification only when you assign user rights and permissions to
resources. Built-in system group membership is based on how
the computer is accessed, not on who uses the computer. The
list below shows the primary built-in system groups and
their default properties and characteristics.
||The Everyone group
contains all of the users who access the computer. The
Full Control permission is assigned to the Everyone
group (and thus all the users in it) whenever there are
volumes on the local system formatted with NTFS.
||All users with valid
user accounts on the local system are included in the
Authenticated Users group. When your Windows XP system
is a member of a domain (or multiple domains), it
includes all users in the Active Directory database for
that given domain. Using the Authenticated Users group
for resource and system access instead of the Everyone
group is a suggested best practice.
||The Creator Owner
designation comes into play when a member of the
Administrators group creates a resource (or takes
ownership of a resource), because even though an
individual member may have performed the action, the
Administrators group owns the resource.
||The Network Built-in
System group contains any user with a current connection
from a remote system on the network to a shared resource
on the local system.
||Members of the
Interactive Built-in System group are “added” as they
log on locally to the system.
|Anonymous Logon||An Anonymous Logon user
account that Windows XP Professional cannot authenticate
is put into this Built-in System group.
|Dialup||Users are “added” to the
Dialup Built-in System group once they establish a
dial-up connection to the system.
You can set or revoke
permissions to these Built-in System groups at the resource.
(e.g. share, NTFS folder, printer, etc.)
[NOTES FROM THE FIELD] –
The Dialup Built-in System group does not appear on
systems that do not have modems installed and dial up
configurations in place.
wrap for this week. Be sure to check back in next week for
the next article in this series.
the meantime, best of luck in your
studies and please feel free to contact me with any
questions on my column and remember,
“Never tell me the odds”