Learn Windows XP Professional: Managing Groups in Windows XP Professional (Page 7) Page 7

Built-In System Groups

Built-in system groups exist on Windows XP Professional systems, and while they do have specific memberships that you can modify, you cannot administer the groups directly. They are available for modification only when you assign user rights and permissions to resources. Built-in system group membership is based on how the computer is accessed, not on who uses the computer. The list below shows the primary built-in system groups and their default properties and characteristics.

System Group


The Everyone group contains all of the users who access the computer. The Full Control permission is assigned to the Everyone group (and thus all the users in it) whenever there are volumes on the local system formatted with NTFS.

Authenticated Users
All users with valid user accounts on the local system are included in the Authenticated Users group. When your Windows XP system is a member of a domain (or multiple domains), it includes all users in the Active Directory database for that given domain. Using the Authenticated Users group for resource and system access instead of the Everyone group is a suggested best practice.

Creator Owner
The Creator Owner designation comes into play when a member of the Administrators group creates a resource (or takes ownership of a resource), because even though an individual member may have performed the action, the Administrators group owns the resource.

The Network Built-in System group contains any user with a current connection from a remote system on the network to a shared resource on the local system.


Members of the Interactive Built-in System group are "added" as they log on locally to the system.

Anonymous Logon           An Anonymous Logon user account that Windows XP Professional cannot authenticate is put into this Built-in System group. 

Dialup Users are "added" to the Dialup Built-in System group once they establish a dial-up connection to the system.

You can set or revoke permissions to these Built-in System groups at the resource. (e.g. share, NTFS folder, printer, etc.)

[NOTES FROM THE FIELD] - The Dialup Built-in System group does not appear on systems that do not have modems installed and dial up configurations in place.

That's a wrap for this week. Be sure to check back in next week for the next article in this series.

In the meantime, best of luck in your studies and please feel free to contact me with any questions on my column and remember,

"Never tell me the odds"

Jason Zandri


This article was originally published on Jul 23, 2002

Thanks for your registration, follow us on our social networks to keep up-to-date