"Everyone" isn't really domain specific - IIRC it's one of those "accounts" that has a fixed SID. In other words, you'd have to add the local Everyone group
------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Barber, Thomas [mailto:[EMAIL PROTECTED]] > Sent: Monday, October 07, 2002 1:57 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] No more Everyone Group? > > > > Yes everyone - I know the proper group to use is Domain Users. > > But is this inability to add the domain-based Everyone group > to a local group a "by-design" feature of UPNs? I fully > expect that from now on we will be using Domain Users (which > works by the way), but I was worried that the machines > already set up using the Everyone group would not work properly. > > > > -Tom Barber > > Systems Manager > > Alfred State College > > Alfred, NY 14802 > > (607)587-3558 > > > > -----Original Message----- > From: Craig Cerino [mailto:[EMAIL PROTECTED]] > Sent: Monday, October 07, 2002 1:51 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] No more Everyone Group? > > > > Thomas --- you should take care when entering Everyone > now that you are running in Active Directory. > > > > This name is a misnomer in regards to NT 4.0. It does > not mean EVERYONE IN THE DOMAIN it means EVERYONE (period). > If you apply this group to anything for security restrictions > than anyone with access to the directory can manipulate that > resource. I believe the group you are looking for is the > Domain Users Group. > > > > -----Original Message----- > From: Barber, Thomas [mailto:[EMAIL PROTECTED]] > Sent: Monday, October 07, 2002 1:29 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] No more Everyone Group? > > > > Currently, we're running Windows 2K AD Native. > > > > Recently, I wanted to add the capability for all users > to be able to use Exchange 2000 Webmail by typing in their > UPN ([EMAIL PROTECTED]). Since I already had the > Pre-Windows 2000 SAM Account property populated, I populated > the UPN with the same name, with the @domain.com after it. > This worked fine. > > > > After this change, I have noticed several things have occurred: > > > > 1. You can not add the domain-based Everyone Group to a > local group on a Windows 2000 or XP client. We could do this > before, but can not do this now. Interestingly, you can > still use the domain-based Everyone group for Folder and File > permissions. > > 2. Some of the permissions I had set up for groups > don't seem to function anymore. Specifically, I created a > Computer Operators global group. This group could add/delete > computers to/from the domain; members of the group now get an > access denied message. > > > > Has anyone experienced similar issues? Could this be > caused by Group Policies affecting users with UPNs compared > to users with only SAM account names? > > > > > > > > -Tom Barber > > Systems Manager > > Alfred State College > > Alfred, NY 14802 > > (607)587-3558 > > > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
