Re: [ActiveDir] can I exclude a particular user account from "authenticated users"?

[Al Mulnick]

I'm just curious why you would want to remove an authenticated user from the authenticated users group?  What's the goal?  

On 6/20/06, joe <[EMAIL PROTECTED]> wrote:

Disable the account's ability to authenticate.

 

Makes the account rather worthless but it is the only thing I can think of that would accomplish the stated goal.

 

Programmatically you might be able to modify the token at the local machine level such that the auth users SID isn't enabled, but that would take some rather involved work I expect. See http://msdn.microsoft.com/library/default.asp?url="" . It isn't anything I have tried, just a theory based on some reading I have done in the API docs.

 

--

O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 

 

 

---

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Thommes, Michael M.

Sent: Monday, June 19, 2006 10:31 PM

To: ActiveDir@mail.activedir.org

Subject: [ActiveDir] can I exclude a particular user account from "authenticated users"?

 

This may sound like an off the wall question, but I would like to exclude a particular user account from the built-in security principal "Authenticated Users ".  Is there any way to do this?

TIA!

Mike Thommes