Share via

Everyone vs Authorized users

Finlirkaren 1 Reputation point
2021-06-29T07:50:04.427+00:00

Hi.

So I've been tasked with a peculiar investigative operation. Without going into too much detail, I'm currently trying to find the path through which our Enterprise application is dumping an XML file to a folder on our fileserver. The process is quite unknown to me, but if security grants are given to the category "Everyone", the XML file will be dumped as it should. But granting the same access to all users in the AD does not yield the same result. After searching the web I know there is some difference between authorized users and the category Everyone. But I can't quite wrap my head around it. If it's not through a user, then where is it coming from? I also tried auditing access to the folder, but I don't get any obvious logs from it either. If you have any ideas of where to look or how to de-stalemate the situation. Currently it's quite hard to arrange an investigation from the "other side", as in just looking at the protocol for the dump.

Thanks for any help you can offer. I'm quite new to Active Directory administration!

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,031 questions

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andreas Baumgarten 99,046 Reputation points MVP
    2021-06-29T07:56:52.197+00:00

    Hi @Finlirkaren ,

    please take a look here: https://www.varonis.com/blog/the-difference-between-everyone-and-authenticated-users/#:\~:text=The%20Bottom%20Line,such%20as%20Guest%20and%20LOCAL_SERVICE%20.

    In short:

    Authenticated Users encompasses all users who have logged in with a username and password.

    Everyone encompasses all users who have logged in with a password as well as built-in, non-password protected accounts such as Guest and LOCAL_SERVICE.

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

    2 people found this answer helpful.
  2. Andreas Baumgarten 99,046 Reputation points MVP
    2021-06-29T13:03:46.353+00:00

    Hi @Finlirkaren ,

    if it's an anonymous account without login, for instance guest you wont get the user's details.
    Maybe auditing the folder is helpful: https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

  3. Daisy Zhou 19,906 Reputation points Microsoft Vendor
    2021-06-30T01:12:01.727+00:00

    Hello @Finlirkaren ,

    Thank you for posting here.

    Hope the information provided by AndreasBaumgarten is helpful to you.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments
  4. Parvez Gadhia 1 Reputation point
    2021-07-02T06:43:33.35+00:00

    authenticated user comprises of all computers and users objects in respective active directory domain.

    everyone is addition to any other user on top of it.