Difference between 'everyone' groups

  • Thread starter Thread starter Tom Edelbrok
  • Start date Start date
T

Tom Edelbrok

If you have a workstation (say XP) that is joined to a Server 2003 domain,
is the local PC's 'everyone' group any different than the domain 'everyone'
group?

For example, from the local Windows XP PC (while it is logged into the
domain) you right-click a folder on your local C: hard drive and go into the
'Security' tab. You then click the 'Locations ...' button and select the
local PC's name. Then you choose the group everyone and set some permissions
against it, (like whatever you want).

The other way of doing it is to select your 'domain.local' domain name when
you have clicked on the 'Locations ...' button, then select 'everyone' as a
group from the domain rather than from the local PC.

Note that in both cases above the group 'everyone' appears under the
security tab after having added it, but it appears exactly the same - there
is no icon or colouration to indicate that it is a different kind of
'everyone' in one case versus the other. So are they really the same? I
guess the question could be put this way: "When your workstation is joined
to a domain are both 'everyone' groups understood to mean 'everyone on the
domain', regardless of whether you selected the local 'everyone' or the
domain 'everyone'?"

Perhaps it works differently when you are a workstation connecting to
another workstation as a peer.

Can anyone explain the 'everyone' groups to me?

Thanks

Tom
 
Hello Tom,

Good to hear from you.

According to the message, I understand that you have some concerns
regarding the "Everyone Group". Is this correct?

Everyone Group is a well known security identifier, and its SID is S-1-1-0.
This means that there is only one Everyone Group. No matter what you
select, the local Windows XP PC or the whole domain, the group is the same.

To prove it, you can try the following steps.

1. Right-click a folder on the local drive C: and go into the Security Tab.

2. Add Everyone Group from the local machine.

3. Add another Everyone Group from the domain.

4. You will find that only one Everyone Group is listed. This means there
is no difference between the two Everyone Groups.

Everyone Group includes all users, even anonymous users and guests.
Membership is controlled by the operating system.

Note: By default, the Everyone Group no longer includes anonymous users on
a computer that is running Windows XP Service Pack 2 (SP2).

Refer to the following article for more information.

243330 Well-known security identifiers in Windows operating systems
http://support.microsoft.com/?id=243330

Hope this helps.

Best regards,

Frances He

Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
Business-Critical Phone Support (BCPS) provides you with technical phone
support at no charge during critical LAN outages or "business down"
situations. This benefit is available 24 hours a day, 7 days a week to all
Microsoft technology partners in the United States and Canada.

This and other support options are available here:
BCPS:
https://partner.microsoft.com/US/technicalsupport/supportoverview/40010469
Others: https://partner.microsoft.com/US/technicalsupport/supportoverview/

If you are outside the United States, please visit our International
Support page: http://support.microsoft.com/common/international.aspx.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
If you have a workstation (say XP) that is joined to a Server
2003 domain,
is the local PC's 'everyone' group any different than the
domain 'everyone'
group?

For example, from the local Windows XP PC (while it is logged
into the
domain) you right-click a folder on your local C: hard drive
and go into the
'Security' tab. You then click the 'Locations ...' button and
select the
local PC's name. Then you choose the group everyone and set
some permissions
against it, (like whatever you want).

The other way of doing it is to select your 'domain.local'
domain name when
you have clicked on the 'Locations ...' button, then select
'everyone' as a
group from the domain rather than from the local PC.

Note that in both cases above the group 'everyone' appears
under the
security tab after having added it, but it appears exactly the
same - there
is no icon or colouration to indicate that it is a different
kind of
'everyone' in one case versus the other. So are they really
the same? I
guess the question could be put this way: "When your
workstation is joined
to a domain are both 'everyone' groups understood to mean
'everyone on the
domain', regardless of whether you selected the local
'everyone' or the
domain 'everyone'?"

Perhaps it works differently when you are a workstation
connecting to
another workstation as a peer.

Can anyone explain the 'everyone' groups to me?

Thanks

Tom
Click to expand...

Everyone on local computer and Everyone on domain are diffrent,
However it dosnt matter which you use, becasue they have the same
effect.
 
Back
Top