Users included in the "Everyone" group
I have a Win2K Native mode network with some 2003 Servers. All workstations are either Win2K or XP Pro. My question is as follows: Does the Everyone group mean only authenticated users, or does it mean absolutely anybody including non-authenticated users? Thanks.
In Windows Server 2003 domains and on their servers, the anonymous token is not part of the group Everyone. In Windows 2000 it is. Therefore, when planning security for your network, you should remember that an anonymous user does have access to any resources that are given to the group Everyone. Restrict anonymous access, and where possible modify permissions so that Everyone does not have Full Control. Do be careful, however, since the group Everyone is often used to enable the operating system to access resources. When in doubt, give both Authenticated Users and SYSTEM Full Control, and then add only the groups of users who need access to the resource. Always test in a test network before making changes in a production network.
This was first published in February 2005
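
An added example, not part of the original answer: a read-only PowerShell audit that lists Allow entries granted to Everyone or ANONYMOUS LOGON under a folder, marks which ones amount to Full Control, and reads the EveryoneIncludesAnonymous value (the setting behind the policy "Network access: Let Everyone permissions apply to anonymous users"). The path C:\Shares is a placeholder and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only audit; it changes no permissions.
param(
    [string]$Root = 'C:\Shares'   # placeholder path (assumption): the tree to review
)

# Match on well-known SIDs so the check is independent of display language.
$watch = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-7' = 'ANONYMOUS LOGON' }
$full       = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$genericAll = 0x10000000   # GENERIC_ALL, as stored in some inherit-only entries

# 1 = the anonymous token is a member of Everyone (the Windows 2000 behaviour);
# 0 or absent = it is not (the Windows Server 2003 behaviour).
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$everyoneIncludesAnon = ($lsa.EveryoneIncludesAnonymous -eq 1)

$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }

    # Explicit and inherited entries, returned as SIDs rather than names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if (-not $watch.ContainsKey($sid)) { continue }
        if ($ace.AccessControlType -ne 'Allow') { continue }

        $rights = [int]$ace.FileSystemRights
        [pscustomobject]@{
            Path               = $item.FullName
            Principal          = $watch[$sid]
            Rights             = $ace.FileSystemRights
            FullControl        = (($rights -band $full) -eq $full) -or
                                 (($rights -band $genericAll) -ne 0)
            Inherited          = $ace.IsInherited
            # Everyone entries reach anonymous users only when the Lsa value is 1.
            AnonymousReachable = ($sid -eq 'S-1-5-7') -or $everyoneIncludesAnon
        }
    }
}

$findings | Sort-Object Path | Format-Table -AutoSize -Wrap
```

Rows with FullControl and AnonymousReachable both true are the ones to review first; entries where Inherited is true have to be changed on the parent folder that defines them.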