Another way to manage your user’s permissions is through Security Groups. 

When running our Discovery tool, your Security Groups get copied to itopia Catalog section. You can then import the groups from Catalog to send them to cloud (they will be created in AD).

Best practice is to create Security groups and folder structure with the permissions before moving the data to the folders. 

Creating Security groups

There are 2 ways of creating a security group in AD. 

  1. One is running the discovery and importing the groups from catalog. To import security groups from the catalog go to Cloud Desktops - Security groups and hover your mouse over the green + sign in the top right. Click Import from catalog.

2. Create groups manually clicking on the green + sign in the top right:

By default, to save a Security group, you must assign at least one user to it. The reason for this is that the system hides all the unused security groups gathered during the Discovery process.

When inventoring an environment, you'll see there are a lot of security groups generated by the system as well as unused security groups that remain in Active Directory. They are all detected by itopia Discovery tool when running the process. To make your work easier and the view cleaner, itopia hides the unused security groups (those with no users assigned).


To delete a group, check the box next to the name and hit the trash icon on the top menu.


Click the number under Users to see who is assigned to the Security Group


Mark the box next to the Group name and select the pencil icon to edit users:

Move users to the right to add them to the group or to the left to remove them.

IMPORTANT: There are some security groups created by the domain automatically. Please don't create security groups with following names since they already exist in AD and could cause a conflict:
Access Control Assistance Operators, Account Operators, Administrators, Backup Operators, Cert Publishers, Distributed COM Users, DnsAdmins, Domain Admins, Domain Computers, Domain Controllers, Domain Guests, Domain Users, Enterprise Admins, Enterprise Read-Only Domain Controllers, Event Log Readers, Group Policy Creators Owners, Guests, Network Configuration Operators, Performance Monitor Users, Print Operators, Protected Users, Remote Desktop Users, Remote Management Users, Replicator Schema Admins, Server Operators, Users

Find out more on how to manage folder permissions.


We'd love to hear from you! Please contact is with any questions or feedback!

Did this answer your question?