6.4 Group Accounts
A group is a collection of user and/or computer accounts, and contacts that are managed as a single object.
The users and computers that belong to the group are known as group members. Groups are used to simplify
the administrative process of assigning permissions and rights to a large number of user and computer
accounts at the same time, resulting in these groups’ members having inherited permissions from the group.
When you install Windows Server 2003, a number of default groups are created on the computer and are
known as local groups. In addition, computers that are part a domain also have a number of default groups
that reside within the Active Directory database structure. You can create additional groups for both
workstation and domain-based computers.
Windows Server 2003 supports two types of groups: distribution groups, and security groups.
You can use distribution groups for distributing messages to group members by assigning an e-mail
address to the distribution group. All members of the distribution group that are mailbox enabled will
receive e-mail messages sent to the distribution group's e-mail address. This is the only usage for
You can also use security groups for the distribution of e-mail messages. But you can also use security
groups to simplify and reduce administrative requirements by assigning permissions and rights for
network resources to the group rather than to each individual user that requires access. All users and
groups that are members of the group will receive the configured permissions and rights through
inheritance. In addition, security groups enable you to delegate administrative responsibilities for
performing specific tasks in Active Directory. Security groups also provides you with the capability to
move users in and out of groups as their jobs and task requirements dictate