same question here: there's nothing you can really do to
control the addition of specific SIDs to the security token of any account
during logon - the Authenticated Users SID is one of those (besides many other
well-known-security-principals controlled by the system).
but if you tell us what you're trying to accomplish, we may
be able to help you reach your goal in other ways. For example, by not using
Authenticated Users to secure any data that you want to restrict access to in
any way... :-)
/Guido
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Dienstag, 20. Juni 2006 14:43
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] can I exclude a particular user account from "authenticated users"?
On 6/20/06, joe
<[EMAIL PROTECTED]>
wrote:
Disable the account's ability to authenticate.Makes the account rather worthless but it is the only thing I can think of that would accomplish the stated goal.Programmatically you might be able to modify the token at the local machine level such that the auth users SID isn't enabled, but that would take some rather involved work I expect. See http://msdn.microsoft.com/library/default.asp?url="" . It isn't anything I have tried, just a theory based on some reading I have done in the API docs.
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Thommes, Michael M.Sent: Monday, June 19, 2006 10:31 PMSubject: [ActiveDir] can I exclude a particular user account from "authenticated users"?
This may sound like an off the wall question, but I would like to exclude a particular user account from the built-in security principal "Authenticated Users ". Is there any way to do this?
TIA!
Mike Thommes