What is the difference between security groups and group policies in Active Directory

I am trying to understand the difference between group policies and security groups in AD DS. I am a bit confused since the sec groups also define security permissions and rights.

Does group policy have the power over sec groups as it has with the users and computers OUs?

Could someone explain this to me?

Thanks


Solution 1:

Security groups are a group of objects in Active Directory, be it computer objects or users or other security groups. They don't do anything but aggregate objects into a single object, as you would expect anything named "Group" to do.

You can then use a Security Group to set file permissions for example, which saves you having to define every single user individually everywhere you want them to have access, but there's a lot of other uses for Security Groups.

Group Policies on the other hand are common settings you want to apply to machines in your environment based upon different factors, for example you might want to apply printer settings for all users in an office.

You can also combine a Group Policy with a Security Group by defining for example that users belonging to Security_Group_X should have Group_Policy Printer_Settings_Office_X applied to them.

Before you go implementing a lot of either, it's advantageous to come up with a naming scheme for them. Some environments like to name all their group policy objects starting with GPO_ and all their Security Groups with ACL_, others use # at the start of Security Group names. It doesn't really matter what you use, as long as there's some sort of system.
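
The combination described in this answer, as an added PowerShell example that is not part of the original answer: it creates the group, uses it as the trustee on a folder ACL, then scopes a GPO to it with security filtering. The domain (`example.com` / `EXAMPLE`), OU paths, the user `jdoe` and the folder path are assumptions; the group and GPO names are the ones used in the answer.

```powershell
# Added illustration. Requires the RSAT ActiveDirectory and GroupPolicy modules.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$groupName = 'Security_Group_X'                # group name from the answer
$gpoName   = 'Printer_Settings_Office_X'       # GPO name from the answer
$groupOu   = 'OU=Groups,DC=example,DC=com'     # assumed OU where groups live
$userOu    = 'OU=Office_X,DC=example,DC=com'   # assumed OU holding the users
$sharePath = 'D:\Shares\Office_X'              # assumed folder to protect

# 1. A security group only aggregates objects; it carries no settings itself.
New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security -Path $groupOu
Add-ADGroupMember -Identity $groupName -Members 'jdoe'   # constructed sample user

# 2. The group becomes meaningful when it is named as a trustee on a resource,
#    here a folder ACL, instead of listing each user individually.
$acl  = Get-Acl -Path $sharePath
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new("EXAMPLE\$groupName", 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $sharePath -AclObject $acl

# 3. A GPO holds settings and is linked to a site, domain or OU, never to a group.
New-GPO -Name $gpoName | Out-Null
New-GPLink -Name $gpoName -Target $userOu | Out-Null

# 4. Security filtering: only trustees holding Apply on the GPO process it.
#    A new GPO grants Apply to Authenticated Users, so grant Apply to the group
#    and lower Authenticated Users to Read. Read is kept because the computer
#    account must still be able to read the GPO to retrieve user settings.
Set-GPPermission -Name $gpoName -TargetName $groupName -TargetType Group -PermissionLevel GpoApply
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' -TargetType Group -PermissionLevel GpoRead -Replace

# 5. Review the delegation on the GPO to confirm who can apply and who can edit it.
Get-GPPermission -Name $gpoName -All | Select-Object Trustee, Permission
```

The GPO applies only to users who are both inside the linked OU and members of the group; group membership alone does not pull in a GPO linked elsewhere.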