Security groups

Security groups were invented decades ago by admins fed up with assigning users permissions person-by-person. This reduced the time admins had free to pursue other important activities, such as playing Tetris. Therefore and thusly, you can understand why the idea of Windows group policy turned up in Active Directory.

The security group is just another object that allows anyone assigned to it the same security permissions. Want to quickly assign a new user security permissions? Just add them to the appropriate security group, job done.

Fair warning though, security groups can get complicated, not least because there are several types: local to a domain, global and universal. After Server 2016, they can even be time based.

Privileged access group

Although security privileges are granted to a user in the first instance by the type of account, in practice these are managed through the idea of groups.

For admins, this makes life much sunnier; users needing access to specific resources or rights can simply be added to an existing group.

A privileged access group is a special example of the group idea used to define and control more powerful rights. The advantage of this is it avoids the need to give accounts global privileges. Instead, privileged users can be segregated into different groups with rights and permissions granted in a granular way.

Read more: Privileged Access Management for Windows Active Directory Domain