Understand what Everyone really means
No matter how much you know, it is always good to revisit the basics every now and then. That
said, I'd like to submit a follow up to Adesh Rampat's tip, Plan before you
the tip, one explicit comment was not made that can be easily overlooked. That is,
assigning "Everyone" to a resource means assigning everyone.
To clarify, Everyone includes
users like IUSR_computername and members of a foreign domain in a trust relationship with the local
domain. (The IUSR_computername is the account that NT uses to authenticate web users accessing the
system via IIS and trust relationships allow users from one NT 4 domain to access resources in
another NT 4 domain. Win2k handles things differently).
The moral of the story is to strongly consider the use of the Everyone group and keep in mind
exactly who all it includes, and consider explicitly denying these users, IUSR and trusted domains
if using the Everyone group is necessary.
This was first published in September 2001
Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.