“Net localgroup” on a Vista domain member allows adding a domain local group from a trusted domain.

The membership is there, but it will never work, because the group's SID will not appear in the access token of a user or computer connecting to the machine.

The GUI allows adding the group only when you focus on the GC.

The same behavior happens on Windows XP, Windows 2003, and Windows 2008.
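
One way to find memberships of this kind on a machine, as an added example that is not part of the original note: it lists local group members that are domain local groups from a domain other than the computer's own. It assumes Windows PowerShell 5.1 with the RSAT ActiveDirectory module and a reachable domain controller in each trusted domain; the output property names are chosen here for illustration.

```powershell
# Added example (not from the original note): report members of local groups
# that are domain local groups from a domain other than this computer's own.
# Assumptions: Windows PowerShell 5.1, RSAT ActiveDirectory module installed,
# and a domain controller of each trusted domain reachable from this machine.
Import-Module ActiveDirectory

# SID of the domain this computer is joined to
$ownDomainSid = (Get-ADDomain -Current LocalComputer).DomainSID.Value

foreach ($localGroup in Get-LocalGroup) {
    $members = Get-LocalGroupMember -Group $localGroup -ErrorAction SilentlyContinue
    foreach ($member in $members) {
        if ($member.ObjectClass -ne 'Group') { continue }

        # AccountDomainSid is $null for well-known SIDs (e.g. S-1-5-11)
        $memberDomainSid = $member.SID.AccountDomainSid
        if ($null -eq $memberDomainSid) { continue }
        if ($memberDomainSid.Value -eq $ownDomainSid) { continue }

        # Member is a group from another domain; ask that domain for its scope
        $domainName = ($member.Name -split '\\', 2)[0]
        try {
            $adGroup = Get-ADGroup -Identity $member.SID.Value -Server $domainName -ErrorAction Stop
        } catch {
            Write-Warning "Could not resolve $($member.Name): $($_.Exception.Message)"
            continue
        }

        if ($adGroup.GroupScope -eq 'DomainLocal') {
            # Hypothetical output shape for this example
            [pscustomobject]@{
                LocalGroup = $localGroup.Name
                Member     = $member.Name
                MemberSid  = $member.SID.Value
                Scope      = $adGroup.GroupScope
            }
        }
    }
}
```

Each row returned is a membership that is stored on the machine but, per the behavior described above, never contributes a SID to a connecting account's access token.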

