Realation between Guests and Users groups
in [Security]
|
Prev: list of certificates from cmd
Next: Security av 2009
From: Martin Plechsmid on 5 Aug 2010 01:59 Thank you for the link. Though still very unclear, it is a better document than any I have found. Martin. "John Wunderlich" <jwunderlich(a)lycos.com> p�e v diskusn�m p��sp�vku news:Xns9DC97AA28DF2Ewunderpsdrscray(a)138.125.254.103... > "Martin Plechsmid" <Send(a)No.Mail> wrote in > news:OFqYOvhMLHA.2232(a)TK2MSFTNGP02.phx.gbl: > >> Look, for instance, at "C:\Windows" and choose Properties - >> Security - Advanced. There you'll see permissions for >> Administrators, System, Owner, Users and PowerUsers, all >> non-inherited. No privilege for Guests (nor Everyone), though >> users in Guests group see the folder and file content without any >> problem. That's what I'm talking about. So, where the privileges >> for Guests come from? >> > > Martin, > > That makes your question much clearer. > The best answer I have found comes from the article: > > "Managing Authorization and Access Control" > <http://technet.microsoft.com/en-us/library/bb457115.aspx> > > It seems to indicate that with a couple of exceptions the "Groups" and > "Users" groups are essentially one-in-the-same: > > <quote> > Guests > > By default, members of the Guests group are denied access to the > application and system event logs. Otherwise, members of the Guests > group have the same access rights as members of the Users group. This > allows occasional or one-time users to log on to a workstation�s built- > in Guest account and be granted limited abilities. Members of the > Guests group can also shut down the system. > > Note: The Guest account, which is a member of the Guests group by > default, is not an authenticated user. When logged on interactively, > the Guest account is a member of both the Guests group and the Users > group. However, when logged on over the network, the Guest account is > not a member of the Users group. > > </quote> > > Hope this helps, > John |