Security Groups and Windows Authentication
Updated: April 11, 2013
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
This reference topic describes the role of security groups in the authentication process.
Implementation of security groups for authentication purposes is useful in deployment scenarios across forests. Security groups are set at the domain level in Active Directory.
By using security groups, you can assign the same security permissions to many users who successfully authenticate, which simplifies access administration. It ensures consistent security permissions across all members of a group. By using security groups to assign permissions means that access control of resources remains constant and easy to manage and audit. By adding and removing users who require access from the appropriate security groups as needed, you can minimize the frequency of changes to access control lists (ACLs).
Security groups can be described according to their scope (such as Global, Domain Local, or Universal groups in Active Directory environments) or according to their purpose, rights, and role (such as the Everyone, Administrators, Power Users, or Users groups).
For information about security groups, see:
Group types in Windows Server 2003.
Understanding Group Accounts in Windows Server 2008 and Windows Server 2008 R2.