Re: ACL Local Groups

From: Steven L Umbach (
Date: 08/04/04

Date: Wed, 04 Aug 2004 19:16:10 GMT

Global groups are created on domain controllers only and can be added to local groups
on domain members. So if I understand your question, then yes you must be a local
administrator to add domain global groups to a local group on that domain member or
it can be done with a startup script using Group Policy which runs in system context.
By default the domain admins are in the local administrators group on domain
embers. --- Steve

"arjan" <> wrote in message
> > I believe only administrators can create local groups on a computer. A power
>user can create and manage users it creates.
> So i can't create a global AD group which can create local groups, only if the are
members of the local administrators group ?
> arjan

Relevant Pages

  • Re: Everyone, Users, and Guests
    ... Domain Guests = anonymous logons (the Guest account is ... Domain Users = domain's authenticated users (a member of ... Global Groups go into Local Groups, ... Local Groups are given permissions to resources. ...
  • Re: I cant put a Group in a Group ??
    ... Global Groups Cannot be added to Local Groups ... Have users accounts and global groups as members. ... Have users, global groups, and universal groups from any domain as ...
  • global local security group question
    ... What's the proper way to setup security for a shared data directory? ... In AD, there are global groups, i.e. Accounting_Read, Accounting_Full, ... should I create local groups in AD and assign the ... Or should I create groups on the file server itself and assign ...
  • Re: Win2K cant see domain local group of a NT 4 pdc
    ... denied" error message if he tried to access a resource if local groups are ... So until we can unify all those NT 4 domains under a single Windows 2003 ... we are stuck with the global groups. ... User accounts that originate in the Windows ...
  • Re: Group Scope Question
    ... that domain local groups can only be used within the domain. ... will need to use global groups to give users access to resources in another ... Domain local groups are best used in access control lists ... I plan on having a Domain Controller in each site to ...