CHAPTER 6
Local Security Groups

Security groups are a primary mechanism for assigning permissions or roles to security principals in Microsoft Windows operating systems. Each modern Windows operating system has a set of default built-in local security groups. Each such group has its own purpose, and therefore its own set of access permissions on operating system objects, its own user privileges, logon rights, and so on. Built-in local security groups cannot be deleted, and each has a hardcoded relative identifier (RID), the last part of its unique security identifier (SID).

Windows allows you to easily create and delete security groups, add members to them, and perform other operations on them. Because security groups are used to assign permissions to the accounts and groups that are their members, it's important to have good monitoring of all actions performed on local security groups, especially highly privileged groups like the local Administrators group.
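The following PowerShell script is an added example (not code from the book) that ties the two preceding points together: it inventories the local security groups and flags the built-in ones by their fixed SID/RID, audits the membership of the local Administrators group against a baseline, and pulls recent local-group membership changes from the Security log. It assumes the Microsoft.PowerShell.LocalAccounts module (Windows 10 / Server 2016 and later) and an elevated prompt; the baseline SID in `Test-AdministratorsBaseline` is a constructed placeholder, and the well-known RID table is a subset chosen for the example.

```powershell
# Added example (not from the book): inventory local security groups, flag the
# built-in ones by their well-known SID prefix, audit the local Administrators
# group against a baseline, and list recent membership-change events.
# Requires the Microsoft.PowerShell.LocalAccounts module and an elevated prompt.

# Well-known RIDs of built-in local groups (SID form S-1-5-32-<RID>).
# These values are fixed by Windows; this table is a subset for the example.
$WellKnownRids = @{
    544 = 'Administrators'
    545 = 'Users'
    546 = 'Guests'
    551 = 'Backup Operators'
    555 = 'Remote Desktop Users'
}

function Get-LocalGroupInventory {
    # One record per local group: name, SID, RID and whether it is built-in.
    Get-LocalGroup | ForEach-Object {
        $sid = $_.SID.Value
        $rid = [int]($sid.Split('-')[-1])   # RID is the last SID component
        [pscustomobject]@{
            Name      = $_.Name
            SID       = $sid
            RID       = $rid
            # Built-in local groups live under the BUILTIN authority S-1-5-32.
            BuiltIn   = $sid -like 'S-1-5-32-*'
            WellKnown = $WellKnownRids[$rid]
        }
    }
}

function Test-AdministratorsBaseline {
    param(
        # SIDs you expect to see in the local Administrators group.
        # The value below is a constructed placeholder; replace it with the
        # SIDs of your approved accounts (the built-in Administrator account
        # always has RID 500 under the machine's S-1-5-21-... authority).
        [string[]]$ExpectedSids = @('S-1-5-21-0-0-0-500')
    )
    # Resolve the group by its fixed SID rather than by name: the group can be
    # renamed, but its RID (544) cannot change.
    Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object {
        $status = if ($ExpectedSids -contains $_.SID.Value) { 'expected' } else { 'UNEXPECTED' }
        [pscustomobject]@{
            Member          = $_.Name
            SID             = $_.SID.Value
            PrincipalSource = $_.PrincipalSource
            Status          = $status
        }
    }
}

function Get-LocalGroupChangeEvents {
    param([int]$Days = 7)
    # Security log events for local group membership changes:
    #   4732 = a member was added to a security-enabled local group
    #   4733 = a member was removed from a security-enabled local group
    # The "Audit Security Group Management" subcategory must be enabled for
    # these events to be recorded.
    $filter = @{
        LogName   = 'Security'
        Id        = 4732, 4733
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent throws when nothing matches; treat that as "no changes".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($n in $xml.Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            EventId   = $_.Id
            Group     = $data['TargetUserName']
            GroupSid  = $data['TargetSid']
            MemberSid = $data['MemberSid']
            ChangedBy = $data['SubjectUserName']
        }
    }
}

Get-LocalGroupInventory       | Format-Table -AutoSize
Test-AdministratorsBaseline   | Format-Table -AutoSize
Get-LocalGroupChangeEvents    | Format-Table -AutoSize
```

Matching on SIDs rather than names throughout is deliberate: a renamed Administrators group, or a member account that has been renamed since the baseline was written, still resolves to the same SID, so the audit does not produce false "unexpected" results and an attacker-style rename does not hide a privileged membership.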

Non–domain-joined machines have only two types of security groups that can be used within a machine:

  • Local security groups
  • Global security groups

All non–built-in local security groups are stored in the Security Account Manager database at the following registry ...
