Security Groups and Windows Authentication

Updated: April 11, 2013

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

This reference topic describes the role of security groups in the authentication process.

Implementation of security groups for authentication purposes is useful in deployment scenarios across forests. Security groups are set at the domain level in Active Directory.

By using security groups, you can assign the same security permissions to many users who successfully authenticate, which simplifies access administration. It ensures consistent security permissions across all members of a group. By using security groups to assign permissions means that access control of resources remains constant and easy to manage and audit. By adding and removing users who require access from the appropriate security groups as needed, you can minimize the frequency of changes to access control lists (ACLs).

Security groups can be described according to their scope (such as Global, Domain Local, or Universal groups in Active Directory environments) or according to their purpose, rights, and role (such as the Everyone, Administrators, Power Users, or Users groups).

For information about security groups, see:

See Also


Windows Authentication Concepts