1
00:00:06,980 --> 00:00:14,910
Windows and AD DS also support special identities, which are groups for which the operating system

2
00:00:14,910 --> 00:00:22,500
controls membership. You cannot view the groups in any list, in Active Directory Users and Computers

3
00:00:22,500 --> 00:00:33,090
for example, so you cannot view or modify the membership of these special identities, or add them

4
00:00:33,090 --> 00:00:34,760
to other groups.

5
00:00:34,770 --> 00:00:39,390
You can, however, use these groups to assign rights and permissions.

6
00:00:39,600 --> 00:00:48,830
Let's take a look at the most important special identities, often called groups for convenience. So, Anonymous

7
00:00:48,830 --> 00:00:49,650
Logon.

8
00:00:49,830 --> 00:00:58,170
This identity represents connections to the computer and its resources that do not require a user name

9
00:00:58,170 --> 00:01:02,340
and password. Before Windows Server 2003,

10
00:01:02,340 --> 00:01:08,760
this group was a member of the Everyone group. Beginning with Windows Server 2003,

11
00:01:08,760 --> 00:01:13,340
this group is no longer a default member of the Everyone group.

12
00:01:13,350 --> 00:01:16,370
Next one is Authenticated Users.

13
00:01:16,410 --> 00:01:20,460
This identity represents authenticated identities.

14
00:01:20,460 --> 00:01:26,010
This group does not include the Guest account, even if it has a password.

15
00:01:26,040 --> 00:01:27,900
Next one is Everyone.

16
00:01:27,960 --> 00:01:32,940
This identity includes Authenticated Users and the Guest account.

17
00:01:32,940 --> 00:01:35,310
Next one is Interactive.

18
00:01:35,310 --> 00:01:43,410
This identity represents users who are accessing a resource while signed in locally to the computer

19
00:01:43,740 --> 00:01:50,130
that is hosting the resource, as opposed to accessing the resource over the network.

20
00:01:50,130 --> 00:01:58,050
When a user accesses a resource on a computer on which the user has signed in locally, the user is added

21
00:01:58,170 --> 00:02:02,220
automatically to the Interactive group for the resource.

22
00:02:02,250 --> 00:02:09,440
The Interactive identity also includes users who sign in through a Remote Desktop connection.

23
00:02:09,450 --> 00:02:11,170
Next one is Network.

24
00:02:11,280 --> 00:02:19,140
This identity represents users who access a resource over the network, as opposed to users who sign in

25
00:02:19,140 --> 00:02:23,340
locally at the computer that is hosting the resource.

26
00:02:23,340 --> 00:02:30,360
When a user accesses any resource over the network, the user is added automatically to the Network

27
00:02:30,360 --> 00:02:32,430
group for that resource.

28
00:02:32,430 --> 00:02:41,190
And finally, Creator Owner. This identity represents the security principal that created an object. The

29
00:02:41,190 --> 00:02:47,160
Creator Owner automatically has full control permissions on the object

30
00:02:47,160 --> 00:02:51,340
by virtue of being the entity that created the object.

31
00:02:51,450 --> 00:03:00,900
Now, the importance of these special identities is that you can use them to provide access to resources

32
00:03:00,900 --> 00:03:06,750
based on the type of authentication or connection rather than the user account.

33
00:03:06,750 --> 00:03:15,210
For example, you could create a folder on a system that allows users to view its contents when they sign

34
00:03:15,210 --> 00:03:17,630
in locally to the system,

35
00:03:17,760 --> 00:03:26,230
but that does not allow the same users to view the contents of a mapped drive over the network.

36
00:03:26,310 --> 00:03:33,750
You could achieve this by assigning permissions to the Interactive special identity.

37
00:03:33,810 --> 00:03:41,220
A common scenario for the Creator Owner group is when you set NTFS permissions on a root folder

38
00:03:41,550 --> 00:03:47,030
to allow users to create subfolders such as home directories.

39
00:03:47,070 --> 00:03:54,990
The Creator Owner group grants users full control permissions on those home directories because the

40
00:03:54,990 --> 00:03:57,800
user created the subfolder.