This topic describes the ways by which you can specify a group.

For macOS and Linux, you specify a group by entering its name.

For Windows, you have the following choices for specifying a group:

• If AD is implemented, you can specify an AD group. You enter it by typing in the group and domain name, or an SID.
• You can select a built-in Windows group from a menu.

If you choose AD users or groups:

• You can specify trusted AD users or groups as long as the Carbon Black App Control Server has access to AD information about that user or group.
• AD-based privileges are determined when a user logs in. If you change an AD group in a way that affects Carbon Black App Control Console privileges, any logged-in users in that group are not affected until the next time they log in.

If you select a built-in Windows group, certain operating system versions might not provide the access you expect. On Windows Vista and later, recognition of membership in pre-defined security groups such as Administrators requires that the application run as an administrator. If a group definition is necessary for a rule, consider using security groups you have defined rather than the pre-defined groups.