answersLogoWhite

0


Best Answer

â–  Security groups Security groups are used to group domain users into a single administrative unit. Security groups can be assigned permissions and can also be used as e-mail distribution lists. Users placed into a group inherit the permissions assigned to the group for as long as they remain members of that group. Windows itself uses only security groups.

â–  Distribution groups These are used for nonsecurity purposes by applications other than Windows. One of the primary uses is within an e-mail

As with user accounts, there are both local and domain-level groups. Local groups are stored in a local computer's security database and are intended to control resource access on that computer. Domain groups are stored in Active Directory and let you gather users and control resource access in a domain and on domain controllers

Group scopes determine where in the Active Directory forest a group is accessible and what objects can be placed into the group. Windows Server 2003 includes three group scopes: global, domain local, and universal.

â–  Global groups are used to gather users that have similar permissions requirements. Global groups have the following characteristics:

1. Global groups can contain user and computer accounts only from the domain in which the global group is created.

2. When the domain functional level is set to Windows 2000 native or Windows Server 2003 (i.e., the domain contains only Windows 2000 or 2003 servers), global groups can also contain other global groups from the local domain.

3. Global groups can be assigned permissions or be added to local groups in any domain in a forest.

â–  Domain local groups exist on domain controllers and are used to control access to resources located on domain controllers in the local domain (for member servers and workstations, you use local groups on those systems instead). Domain local groups share the following characteristics:

1. Domain local groups can contain users and global groups from any domain in a forest no matter what functional level is enabled.

2. When the domain functional level is set to Windows 2000 native or Windows Server 2003, domain local groups can also contain other domain local groups and universal groups.

â–  Universal groups are normally used to assign permissions to related resources in multiple domains. Universal groups share the following characteristics:

1. Universal groups are available only when the forest functional level is set to Windows 2000 native or Windows Server 2003.

2. Universal groups exist outside the boundaries of any particular domain and are managed by Global Catalog servers.

3. Universal groups are used to assign permissions to related resources in multiple domains.

4. Universal groups can contain users, global groups, and other universal groups from any domain in a forest.

5. You can grant permissions for a universal group to any resource in any domain

User Avatar

Wiki User

12y ago
This answer is:
User Avatar

Add your answer:

Earn +20 pts
Q: What are two group types and three group scopes?
Write your answer...
Submit
Still have questions?
magnify glass
imp