I am trying to create a scenario of file system permission to test a software that I am currently developing. In this scenario I want a group be a memberOf another group. However on the global domain-controller this works and is also a best practise in Windows (as far as I am concerned).
But if I try to nest a group into another group on my local machine it just allows me to add users or integrated security principals (not sure if this is the right translation).
Is there a way to possibly overcome this restriction?
You can only nest certain types of groups in other groups. Local groups cannot contain other local groups. See: http://support.microsoft.com/kb/974815?wa=wsignin1.0
For AD group nesting rules, this article should help: http://technet.microsoft.com/en-us/library/cc776499(v=ws.10).aspx