Some domain groups not found by 'mkgroup --domain'

Corinna Vinschen
Wed Nov 8 14:08:00 GMT 2000

Rick Rankin wrote:
> I'm not sure exactly how to provide an example -- the situation simply exists.
> However, I've been poking around in the MSDN documentation, and I've found some
> [...]

To keep it simple:

Each NT/W2K machine has local groups. A local group is only valid
on the local machine. They are retrieved by the function
`NetLocalGroupEnum' or in a Cygwin environment on the command line by
`mkpasswd -g' or `mkgroup -l'.

A domain is a domain is a domain. A domain has domain groups which
are sometimes named `global groups' by the Microsoft documentation.
These groups are retrieved by the function `NetGroupEnum' or on
the command line by `mkgroup -d DOMAIN'. If you don't give a domain
name, the default domain is used.

Domain (or global) groups may be member of local groups while
domain groups may only have users as members.

There's another class of groups which is called `predefined local
group' or similar. That are the groups which already exist on a
machine when it has been installed. Examples are the administrators
group or the guest group. Except that they are predefined they
behave the same as later defined local groups.

I suggest (how boring) reading the ntsec chapter in the online
users guide:


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer              
Red Hat, Inc.

Want to unsubscribe from this list?
Send a message to

More information about the Cygwin mailing list