There are four types of security groups and each has its own security scope.
- Machine local groups
This type of group can be created on a local computer. The security scope of this group is limited to this local machine. This group can include members that are Domain local groups, domain global groups and users within its domain and forest.
- Domain local groups
This type of group can be created on a domain controller of its perspective domain. This group can only be used to assign permission on resources within the same domain. This group can include user accounts, universal groups, and global groups from any domain.
- Domain global groups
This type of group can be created on a domain controller of its perspective domain. This group can be used to assign permission on resources in any trusted domain. This group can include user accounts, universal groups, and global groups from any domain.
- Universal groups
This type of group can be created on a domain controller of its perspective domain that is running in mixed mode or higher. This group is known as “jack-of-all-trade” because it is used to assign permissions to resources in multiple domains. This group can include user accounts, universal groups, and global groups from any domain.
Welcome to Learn and Share Blog. 