Windows groups and permissions: Authenticated Users group meaning

There are a number of special groups in Windows. Included among these are Authenticated Users, Interactive Users, Everyone, etc. These days, Everyone and Authenticated Users are effectively equivalent for most purposes, but if you had a pre-2003 domain level domain that would not be true.

In any event, there is no way to observe the membership of these groups. In a sense the membership is calculated when a SACL or DACL is processed.

That said, it seems strange to me that you would be assigning permissions in the file system to authenticated users, especially C:\. A more appropriate setting would be Interactive Users or, if you're locking down workstations, read only.

The technical definitions of these two, according to Microsoft, are:

Authenticated Users:

Any user accessing the system through a logon process has the Authenticated Users identity. This identity allows access to shared resources within the domain, such as files in a shared folder that should be accessible to all the workers in the organization.

Everyone:

All interactive, network, dial-up, and authenticated users are members of the Everyone group. This special identity group gives wide access to a system resource.

You can find these for yourself, along with all others, here: http://technet.microsoft.com/en-us/magazine/dd637754.aspx

Authenticated users means exactly that - any and all users which have authenticated to the system. That would be any user that is a member of any group on your local system.

Since Mike is a member of users he is inherently an authenticated user.

In a domain environment this would be any user that is a member of any group on the domain.