My application uses a Named Pipe to do IPC. What access control should I place on it, to provide broad local only access?

The pipe is created by the .NET 2.0 remoting protocol, and it already has an ACL for the 'NETWORK' group to deny all access, so I think only local users can access it. In my remoting configuration file I need to pick an 'authorizedGroup' who can access this pipe.

I would like any process running on the local machine to access my named pipe.

I would appear to need to select between access for the 'Everyone' Group or the 'Authenticated Users' group. Given the local-only access, what processes might be running under the 'Everyone' group that are not in the 'Authenticated Users' group?

I'm interested in answers for Windows XP and above.

A: 

"Everyone" is a collective group for "Authenticated Users" and "Guest". Note that for Win 2000 and earlier, it included "Anonymous" too, where no checks are made.

"Authenticated Users" is a user who has logged into AD and has a login token.

My text is a paraphrasing of Windows Server 2003 "Security identifiers".

Edit, "Network" from the link:

Includes all users who are logged on through a network connection. Access tokens for interactive users do not contain the Network SID.

To be honest, I've never thought about this one much... sorry.

gbn
Two questions:
- Are 'Anonymous' users from the network, by definition?
- Is the guest account used by the Windows 'Guest access' feature users can turn on/off in the users control panel?
John McAleely
Incidentally, I don't think 'Authenticated Users' has to be anything to do with AD. I believe, for example, the LocalSystem account is in Authenticated Users, and the group also works on standalone machines.
John McAleely
True, I always think in network terms. However, each workgroup is effectively its own domain if you think about it.
gbn
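
The choice discussed in this thread, as an added example that is not part of any post above: a simplified Python model of an ordered DACL walk over the pipe's ACL (deny 'NETWORK', then allow the chosen 'authorizedGroup'), showing which kinds of caller get in under each option. The token group sets, the `PIPE_RW` mask and the function names are constructed for illustration and follow the answer's description of the groups and the LocalSystem comment; this is not the real Windows AccessCheck API.

```python
# Simplified model of an ordered DACL walk (illustration only, not the Windows API).
# Well-known SIDs:
EVERYONE, AUTH_USERS = "S-1-1-0", "S-1-5-11"
NETWORK, INTERACTIVE = "S-1-5-2", "S-1-5-4"
LOCAL_SYSTEM, GUESTS = "S-1-5-18", "S-1-5-32-546"
PIPE_RW = 0x3  # hypothetical read|write mask standing in for the pipe access rights

def access_check(token_sids, dacl, desired=PIPE_RW):
    """Walk ACEs in order: a matching deny on a still-needed bit fails the check,
    matching allows accumulate, and anything not granted by the end is refused."""
    granted = 0
    for ace_type, sid, mask in dacl:
        if sid not in token_sids:
            continue
        if ace_type == "deny" and mask & desired & ~granted:
            return False
        if ace_type == "allow":
            granted |= mask
        if granted & desired == desired:
            return True
    return False

def pipe_dacl(authorized_group_sid):
    # Deny ACE for NETWORK first (as the question describes), then the chosen group.
    return [("deny", NETWORK, PIPE_RW), ("allow", authorized_group_sid, PIPE_RW)]

# Constructed tokens. Per the answer, Everyone = Authenticated Users + Guest;
# per the comment, LocalSystem carries Authenticated Users.
TOKENS = {
    "local user": {EVERYONE, AUTH_USERS, INTERACTIVE},
    "local guest": {EVERYONE, GUESTS, INTERACTIVE},
    "service (LocalSystem)": {EVERYONE, AUTH_USERS, LOCAL_SYSTEM},
    "network logon": {EVERYONE, AUTH_USERS, NETWORK},
}

def who_gets_in(authorized_group_sid):
    """Names of the constructed tokens that pass the pipe's DACL."""
    dacl = pipe_dacl(authorized_group_sid)
    return sorted(n for n, sids in TOKENS.items() if access_check(sids, dacl))

if __name__ == "__main__":
    print("authorizedGroup = Everyone:           ", who_gets_in(EVERYONE))
    print("authorizedGroup = Authenticated Users:", who_gets_in(AUTH_USERS))
```

In this model the only difference between the two settings is the guest token; the network logon is refused either way because the deny ACE is evaluated before the allow ACE.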