Special Identities

This video looks at the special identities that exist in Windows. Special identities work a lot like groups, but unlike a group, the membership of a special identity cannot be modified. Membership of special identities is determined by the way the user was authenticated or the type of connection.

Demonstration 06:32

Special Identities covered in this video
Anonymous Logon 01:56
Authenticated Users 02:34
Everyone 04:25
Interactive 05:13
Network 05:52

The above special identities exist on all editions of Windows. The scope of a special identity is the local computer only. When you copy a file from one computer to another, any permissions that are configured using special identities are retained. Even though the scope is limited to the local computer, Windows can retain these permissions because each special identity always uses the same SID (security identifier). For example, the Everyone special identity is always S-1-1-0.
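Because the SIDs are fixed, an audit for permissions granted to special identities can match on the SID instead of the display name. The following PowerShell is an added example, not something shown in the video. It assumes the standard well-known SIDs for the four identities other than Everyone (only S-1-1-0 is quoted on this page), and the function name and sample security descriptor are constructed for illustration.

```powershell
# Added example: list ACEs that grant or deny access to special identities.
# S-1-1-0 is quoted on the page; the other four SIDs are the standard
# well-known values and are an assumption of this example.
$SpecialIdentities = [ordered]@{
    'S-1-1-0'  = 'Everyone'
    'S-1-5-2'  = 'Network'
    'S-1-5-4'  = 'Interactive'
    'S-1-5-7'  = 'Anonymous Logon'
    'S-1-5-11' = 'Authenticated Users'
}

# Hypothetical helper name. Accepts the object returned by Get-Acl for a file or folder.
function Get-SpecialIdentityAce {
    param(
        [Parameter(Mandatory)]
        [System.Security.AccessControl.FileSystemSecurity]$Acl
    )
    # Request the rules keyed by SID rather than by account name, so the match
    # gives the same result on any computer and in any display language.
    $rules = $Acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($SpecialIdentities.Contains($sid)) {
            [pscustomobject]@{
                Identity  = $SpecialIdentities[$sid]
                Sid       = $sid
                Type      = $rule.AccessControlType
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Constructed sample: a security descriptor built in memory, so nothing on disk is touched.
# BA = built-in Administrators (not a special identity, so it is filtered out),
# AU = Authenticated Users, WD = Everyone, AN = Anonymous Logon.
$sample = New-Object System.Security.AccessControl.DirectorySecurity
$sample.SetSecurityDescriptorSddlForm('D:(A;;FA;;;BA)(A;;0x1200a9;;;AU)(A;;0x1200a9;;;WD)(A;;0x1200a9;;;AN)')
Get-SpecialIdentityAce -Acl $sample | Format-Table -AutoSize

# Against a real folder (the path is a placeholder):
# Get-SpecialIdentityAce -Acl (Get-Acl -Path 'C:\Shares\Public')
```

An Anonymous Logon or Everyone entry in the output for a shared folder is the one to review first, since it applies to the widest set of connections.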

Anonymous Logon
Allows access without a username and password.
When a connection is made and no username and password are given, this is classed as anonymous access. Anonymous access in Windows is generally disabled by default and needs to be enabled. Remember this before configuring a file on a share with anonymous access.

Authenticated Users
This includes any user authenticated locally or via a domain controller. The user can be in the current forest or in an external domain in a separate forest. The only account that is not included in this group is the local guest account.

Everyone
Includes authenticated users and the local built-in guest account.
Before Windows Server 2003, the Everyone special identity also included Anonymous Logon.

Interactive
This is when the user is physically in front of the computer or connected to the computer using Remote Desktop.

Network
Any user that accesses the computer via a network connection.

