Authenticated Users & Interactive groups

's Computer Specifications

It appears those are BUILTIN Groups. Is there a way to create a User
or a Group that ONLY includes those two groups? That would seem to
create a synthetic Guest account, correct?

Is this possible?

In case you're wondering why: I'd like to create a User that is not a
member of Guests or Users, but can log into the computer interactively
with a profile. The Users group has too much permission and the
Guests group profiles are deleted when they log out. So basically I
want a Guests account with a permanent profile. How?

's Computer Specifications

(E-Mail Removed) wrote:
> It appears those are BUILTIN Groups. Is there a way to create a User
> or a Group that ONLY includes those two groups? That would seem to
> create a synthetic Guest account, correct?
>
> Is this possible?
>
> In case you're wondering why: I'd like to create a User that is not a
> member of Guests or Users, but can log into the computer interactively
> with a profile. The Users group has too much permission and the
> Guests group profiles are deleted when they log out. So basically I
> want a Guests account with a permanent profile. How?
>

Explicit "deny" takes precedence over inherited "permit". So you could
create a user that is a member of the "Users" group and also a member of
a group of your creation. You can explicitly deny permissions to that
group. You can also put that user in an OU and define a very restrictive
set of policies with limited user rights, etc.

....kurt

's Computer Specifications

On Feb 26, 1:34 pm, Kurt <k...@nospam.olypen.com> wrote:
> andre...@gmail.com wrote:
> > It appears those are BUILTIN Groups. Is there a way to create a User
> > or a Group that ONLY includes those two groups? That would seem to
> > create a synthetic Guest account, correct?
>
> > Is this possible?
>
> > In case you're wondering why: I'd like to create a User that is not a
> > member ofGuestsor Users, but can log into the computer interactively
> > with a profile. The Users group has too much permission and the
> >Guestsgroup profiles are deleted when they log out. So basically I
> > want aGuestsaccount with a permanent profile. How?
>
> Explicit "deny" takes precedence over inherited "permit". So you could
> create a user that is a member of the "Users" group and also a member of
> a group of your creation. You can explicitly deny permissions to that
> group. You can also put that user in an OU and define a very restrictive
> set of policies with limited user rights, etc.
>
> ...kurt

Thanks Kurt. That's exactly what I need.

Thread Tools
Show Printable Version Email this Page
Rate This Thread
Rate This Thread:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
How to Synchronize anonymous users with authenticated users using profiles?	Rodusa	Microsoft ASP .NET	2	8th Sep 2005 09:12 PM
Authenticated Users	Alan Illeman	Microsoft Windows 2000	0	17th Jun 2004 01:35 AM
Interactive vs. authenticated user? - more questions	leegold	Microsoft Windows 2000 Security	1	14th Sep 2003 03:10 AM
Re: NT AUTHORTY\Authenticated Users & NT AUTHORITY\Interactive	Jonathan Maltz [MS-MVP]	Microsoft Windows 2000 Security	6	3rd Sep 2003 07:31 PM
Authenticated users	NTNEWS	Microsoft Windows 2000 Security	0	28th Aug 2003 06:15 AM