[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Authenticated Users - Where is it?

Posted on 2007-10-17
3
Medium Priority
?
1,479 Views
Last Modified: 2008-05-31
Here's a stupid question - I'm poking around in Active Directory for Users and Computers.  I'm trying to find the "NT Authority" folder.  Specifically, I'm looking for the "NT Authority\Authenticated Users" group.  Is it hidden in the default ADUC configuration, or does the ADUC simply not give you access to the group?
0
Comment
Question by:jdana
3 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 1000 total points
ID: 20093666
You won't find it - its a "special" group. Authenticated users is a dynamic group that contains users who have been authenticated by Active Directory, once someone has entered their credentials and have been authenicated they automatically become a member of the group, when they log off they are removed from the group. You cannot manually control its membership.
0
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 1000 total points
ID: 20093701
Authenticated Users is a special group that is maintained internally by the Windows operating system, you cannot view the membership of this group, nor can you add or remove users from this group.  Most of the NT AUTHORITY groups correspond to well-known security principals like the ones described here: http://support.microsoft.com/kb/243330
0
 
LVL 9

Expert Comment

by:MSE-dwells
ID: 20093928
In addition to the information in the previous posts -- this is indeed a 'special' group that you gain membership in by merely being authenticated.  There are many others similar in nature to this one such as 'Network' or 'Interactive'.  If you subscribe to TechTarget, take a look at the series of articles I wrote that included a detailed breakdown of this aspect of AD, available if subscribed at -

http://searchwinit.techtarget.com/originalContent/0,289142,sid1_gci1195097,00.html

While the membership within the special groups cannot be viewed or directly influenced, their membership in other groups (group nesting) can.  However, objects like these only appear in Active Directory when the AD-database is forced to create a reference to them, for example - when you add 'Authenticated Users' to another AD group in an effort to simplify the allocation of a particular permission or set of permissions or rights.

Once groups like these are created in Active Directory, they're called Foreign Security Principals (FSPs or, internally to MS, FPOs [foreign principal objects]) and exist in a container of that name beneath the domain head.  Using Active Directory Users and Computer, select View --> Advanced Features and you'll find the container is probably now populated.  Expand the colums until you're able to read the names ... they are prefixed by 'NT Authority' as you mentioned earlier.  You are now able to review or alter their properties to a limited extent including their membership in other groups or the ACL (security) controlling who's permitted to do what to them.

All of that now said, what was your goal in the first place, purely informational or ???
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question