This question came about from my recommendation that resources are shared utilizing the Authenticate Users group instead of the Everyone group. The issue was why we do not use the Domain Users group. Reading below you will see that the Domain Users group can be used on domain controllers. For resources on non-domain controllers, you will need to use the Authenticated Users group. For simplicity and a consistent configuration throughout your network, I still recommend the use of Authenticated Users for all resource sharing that is open to all authenticate users of your environments.
Microsoft definition of the Authenticated Users group is: Includes all users with a valid user account on the computer or in Active Directory services. Use the Authenticated Users group instead of the Everyone group to prevent anonymous access to a resource.
Domain Users group: This group contains all domain users. By default, any user account created in the domain becomes a member of this group automatically. This group can be used to represent all users in the domain. For example, if you want all domain users to have access to a printer, you can assign permissions for the printer to this group (or add the Domain Users group to a local group, on the print server, that has permissions for the printer).
Everyone Group: Includes all users who access the computer. Windows 2000 will authenticate a user who does not have a valid user account as Guest. The user automatically gets all rights and permissions assigned to the Everyone group. A group that includes all users, even anonymous users and guests. (The anonymous users were removed from this group with Windows Server 2003) I updated this information on Aug 27, 2012 in another blog posting.
Do not assign resource permissions or user rights to this account. Use Authenticated Users or specific user accounts and groups where necessary