在Windows上，谁在“所有人"和“身份验证的用户"组中? [英] On Windows, who is in the Everyone and Authenticated Users groups?

问题描述

我的应用程序使用命名管道进行IPC.我应该在其上放置什么访问控制，以提供广泛的仅限本地访问?

My application uses a Named Pipe to do IPC. What access control should I place on it, to provide broad local only access?

该管道是由.net 2.0远程协议创建的，并且已经为"NETWORK"组提供了ACL，以拒绝所有访问，因此我认为只有本地用户可以访问它.在远程配置文件中，我需要选择一个可以访问此管道的"authorizedGroup".

The pipe is created by the .net 2.0 remoting protocol, and it already has an ACL for the 'NETWORK' group to deny all access, so I think only local users can access it. In my remoting configuration file I need to pick an 'authorizedGroup' who can access this pipe.

我希望在本地计算机上运行的任何进程都可以访问我的命名管道.

I would like any process running on the local machine to access my named pipe.

我似乎需要在所有人"组或授权用户"组的访问权限之间进行选择.授予仅本地访问权限，哪些进程可能在不在授权用户"组中的每个人"组下运行?

I would appear to need to select between access for the 'Everyone' Group or the 'Authenticated Users' group. Given the local-only access, what processes might be running under the 'Everyone' group that are not in the 'Authenticated Users' group?

我对Windows XP及更高版本的答案很感兴趣.

I'm interested in answers for Windows XP and above.

推荐答案

每个人"是授权用户"和来宾"的集合组.请注意，对于Win 2000及更早版本，它也包含匿名"，而未进行任何检查

"Everyone" is a collective group for "Authenticated Users" and "Guest". Note that for Win 2000 and earlier, it included "Anonymous" too where no checks are made

授权用户"是已登录AD并具有登录令牌的用户.

"Authenticated Users" is user who has logged into AD and has a login token.

我的文字是对Windows Server 2003的解释:"安全性标识符".

My text is paraphrasing of Windows Server 2003 "Security identifiers".

从链接中编辑网络":

包括所有已登录的用户 通过网络连接.使用权 交互式用户的令牌不 包含网络SID.

Includes all users who are logged on through a network connection. Access tokens for interactive users do not contain the Network SID.

说实话，我从没想过这一件事...对不起.

To be honest, I've never thought about this one much... sorry.

这篇关于在Windows上，谁在“所有人"和“身份验证的用户"组中?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！