AD Group object properties – Security tab

The security tab of the group properties window is of high importance because it allows you to configure access permissions on the group object.

AD Group object properties Security tab

The security tab allows you to grant or deny permissions to other groups and users over the group object.

    • In the “group or user names” section you can choose the group or the user to whom you would like to deny or allow permission.
  • You can use the check boxes available in the “permissions” section to configure (allow or deny) the permissions the other users and groups will have over the group object.

Advanced button (security tab)

Clicking on the advanced tab opens another window with the following tabs

    • Permissions – using this tab you can view the other permissions that were assigned to the group by inheritance and also permissions that are allowed or denied to be inherited by child objects. This tab also allows you add permissions or edit existing permissions.
    • Auditing – using this tab you can view and configure the types of object accesses to be audited(or in other words for what types of accesses a log has to be maintained)
    • Owner – using this tab you can view and configure ownership rights over the group object
  • Effective permissions – This tab displays a list of permissions, each permission has a check box to its left indicating whether it’s effective or not.


All the members of a group inherit the permissions assigned to a group; the same applies to nested groups.

Note: If permission conflicts occur due to user’s membership in multiple groups, deny permissions always take precedence over allow permissions.



1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)