Implicit Groups and Special Identities

Windows 2000 defines a set of special identities that you can use to assign permissions in certain situations. You usually assign permissions implicitly to special identities. However, you can assign permissions to special identities when you modify Active Directory objects. The special identities include:

Anonymous Logon: Any user accessing the system through anonymous logon has the Anonymous Logon identity. This identity is used to allow anonymous access to resources, such as Web pages published on the corporate presence servers.
Authenticated Users: Any user accessing the system through a logon process has the Authenticated Users identity. This identity is used to allow access to shared resources within the domain, such as files in a shared folder that should be accessible to all the workers in the organization.
Batch: Any user or process accessing the system as a batch job (or through the batch queue) has the Batch identity. This identity is used to allow batch jobs to run scheduled tasks, such as a nightly cleanup job that deletes temporary files.
Creator Group: Windows 2000 uses this group to automatically grant access permissions to users who are members of the same group(s) as the creator of a file or a directory.
Creator Owner: The person who created the file or the directory is a member of this group. Windows 2000 uses this group to automatically grant access permissions to the creator of a file or directory.
Dial-Up: Any user accessing the system through a dial-up connection has the Dial-Up identity. This identity is used to distinguish dial-up users from other types of authenticated users.
Enterprise Domain Controllers: Domain controllers with enterprise-wide roles and responsibilities have the Enterprise Domain Controllers identity. This identity allows them to perform certain tasks in the enterprise using transitive trusts.
Everyone: All interactive, network, dial-up, and authenticated users are members of the Everyone group. This group is used to give wide access to a system resource.
Interactive: Any user logged on to the local system has the Interactive identity. This identity is used to allow only local users to access a resource.
Network: Any user accessing the system through a network has the Network identity. This identity is used to allow only remote users to access a resource.
Proxy: Users and computers accessing resources through a proxy have the Proxy identity. This identity is used when proxies are implemented on the network.
Restricted: Users and computers with restricted capabilities have the Restricted identity. On a member server or workstation, a local user who is a member of the Users group (rather than the Power Users group) has this identity.
Self: The Self identity refers to the object itself and allows the object to modify itself.
Service: Any service accessing the system has the Service identity. This identity grants access to processes being run by Windows 2000 services.
System: The Windows 2000 operating system itself has the System identity. This identity is used when the operating system needs to perform a system-level function.
Terminal Server User: Any user accessing the system through terminal services has the Terminal Server User identity. This identity allows terminal server users to access terminal server applications and to perform other necessary tasks with terminal services.
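
Because membership in these identities is implicit, the practical place to audit them is the access control list of the resource. The following is an added example, not part of the original text: it parses the DACL of a security descriptor in SDDL form and lists every allow entry granted to one of the identities above. The well-known SID values and SDDL aliases are not given on this page, the BROAD review set is an assumed policy, and the sample descriptors are constructed.

```python
import re

# Well-known SIDs (and SDDL aliases, where one exists) of the identities listed above.
SPECIAL_IDENTITIES = {
    "S-1-1-0": "Everyone", "WD": "Everyone",
    "S-1-3-0": "Creator Owner", "CO": "Creator Owner",
    "S-1-3-1": "Creator Group", "CG": "Creator Group",
    "S-1-5-1": "Dial-Up",
    "S-1-5-2": "Network", "NU": "Network",
    "S-1-5-3": "Batch",
    "S-1-5-4": "Interactive", "IU": "Interactive",
    "S-1-5-6": "Service", "SU": "Service",
    "S-1-5-7": "Anonymous Logon", "AN": "Anonymous Logon",
    "S-1-5-8": "Proxy",
    "S-1-5-9": "Enterprise Domain Controllers", "ED": "Enterprise Domain Controllers",
    "S-1-5-10": "Self", "PS": "Self",
    "S-1-5-11": "Authenticated Users", "AU": "Authenticated Users",
    "S-1-5-12": "Restricted", "RC": "Restricted",
    "S-1-5-13": "Terminal Server User",
    "S-1-5-18": "System", "SY": "System",
}
# Assumed review policy for this example: identities that cover very large populations.
BROAD = {"Everyone", "Anonymous Logon", "Authenticated Users"}

def special_identity_grants(sddl):
    """Return (identity, rights, broad) for each allow ACE in the DACL whose
    trustee is a special identity. Conditional ACEs (nested parentheses) are
    not handled."""
    # "D:" plus optional flags (P, AI, ...) starts the DACL; it ends where the SACL ("S:") begins.
    dacl = re.search(r"D:[A-Z_]*((?:\([^()]*\))*)", sddl)
    grants = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")  # type;flags;rights;object;inherit_object;trustee
        if len(fields) < 6 or fields[0] not in ("A", "OA"):
            continue  # skip malformed entries and deny ACEs
        name = SPECIAL_IDENTITIES.get(fields[5])
        if name:
            grants.append((name, fields[2], name in BROAD))
    return grants

# Constructed sample descriptors (not taken from any real system).
SAMPLES = {
    "public-share": "O:BAG:DUD:PAI(A;OICI;FA;;;BA)(A;OICI;0x1301bf;;;WD)(A;;FR;;;S-1-5-7)",
    "hr-folder": "O:BAG:DUD:(A;OICI;FA;;;SY)(D;;FA;;;AN)(A;OICIIO;GA;;;CO)S:(AU;FA;FA;;;WD)",
}

if __name__ == "__main__":
    for label, sddl in SAMPLES.items():
        for name, rights, broad in special_identity_grants(sddl):
            print(f"{label}: {name} allowed {rights}" + ("  <-- review" if broad else ""))
```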


