Cannot Add Windows Local Groups to Access Control List

You cannot use Windows local groups to assign security on remote systems. You can use local group only on the individual computer on which it is created. A local group is not stored in the domain SAM database.

Windows domain controllers are an exception to this behavior. Domain controllers share a set of local groups that can be shared only with other domain controllers. To make security assignments to the Oracle Solaris SMB service, use global groups.

The Oracle Solaris SMB service has its own set of local groups that are provided for Windows compatibility purposes. These local groups permit a limited set of privileges, and they can also be used for security assignments to individual files and folders.


Windows domain local groups are not supported.