How to Add Special Groups to Built-In Groups


If you, as the administrator, delete one of the memberships of a special group, such as Authenticated Users, from a Built-in Domain Local Users group on a domain controller in Windows 2000, you cannot re-add the group by using the Active Directory Users and Computers tool. To add one of the special groups to a domain local group on a domain controller, use the net localgroup command.

For example, use the following command to add the Authenticated Users group back to the Built-in Domain Local Users group on a domain controller:

net localgroup users "nt authority\authenticated users" /add

More Information

In Windows 2000, there are certain special groups that are created by the system and that are used for special purposes. A list of these special groups in Windows 2000 includes:

Authenticated Users
Anonymous Logon
Creator Owner
Creator Group
Enterprise Domain Controllers
Terminal Server User
Because you cannot alter the membership of these groups, the groups are not listed in Active Directory Users and Computers (Dsa.msc). However, these groups are very useful for operations such as assigning permissions to directories, files, shared network directories, or printers.

Users become members of these special groups depending on the operation that they are trying to perform. For example, a user gains the Interactive group membership in their token whenever they use a computer locally. The Network group would be added to a user's token anytime that a user connects over the network to a computer.