Platform SDK: Access Control |
One of the changes in Windows 2000 security policy has been to restrict anonymous local access to no rights; administrators can then add or subtract rights as they see fit. This was done because, in Windows NT, anonymous access conferred access equal to the group Everyone, and there are security issues involved with this. One solution would be to restrict anonymous access rights. However, applications such as Microsoft SQL Server rely on having this level of anonymous access.
In Windows 2000, a local access group has been created for these applications with the same access rights as Everyone (equivalent to Windows NT anonymous access). Administrators can then appropriately increase or decrease the number of users in that group. This group is named Pre-Windows-2000-compatible access group.
For more information, refer to the reference pages for the functions listed in the table of the Local Group Functions section.