special identity

What is special identity?

Also sometimes known as a system group, a special group account on a computer running Microsoft Windows NT or Windows 2000 that you can use to control security and access to NTFS volumes.

How It Works

Special identities are groups whose membership is controlled by the operating system itself, not by administrators or individual users. User accounts become “members” of these special groups based on the type of system activity they participate in; you cannot modify the “membership” of these groups directly.

Special identities on Windows NT systems include the following:

• Creator Owner:
  Consists of users who will create files or subdirectories within the current directory on an NTFS volume.

   

• Everyone:
  Consists of all network users, including guests and users from distrusted domains. Granting NTFS permissions to Everyone allows anyone to access the file or directory.

   

• Interactive:
  Consists of all users who log on interactively to the console of the machine or who access the NTFS file system on the machine from a local console.

   

• Network:
  Consists of all users who log on to the machine from over the network or who access the NTFS file system on the machine from over the network.

   

• System:
  Consists of the local operating system. System is not normally used when assigning permissions to files and directories on NTFS volumes.

   

Additional special identities in Windows 2000 include the following:

• Authenticated Users:
  Consists of all users with a valid user account in the local directory database or in Active Directory. The Authenticated Users identity was also added to Windows NT 4 in Service Pack 3.

   

• Anonymous Logon:
  Consists of any user accounts that Windows 2000 did not authenticate.

   

• Dialup:
  Consists of any users who currently have a dial-up connection.