GFI EndPointSecurity installed on a Domain Controller can only monitor machines that are part of the same domain.

When installed on an Active DirectoryA technology that provides a variety of network services, including LDAP-like directory services. environment, GFI EndPointSecurity creates AD groups which can be used to allow or deny access to all the machines. Therefore if a user needs specific access to a device, the administrator just needs to add the user to the group, and changes will be made available when AD settings are updated locally on machines.

When GFI EndPointSecurity is installed on a Member Server it can monitor machines that are part of the domain as well as machines that are part of a workgroup.

This setup is preferable in the case you have the computers that are part of a domain together with computers that are members of a workgroup. It adds some complexity to the administration but gives more flexibility and a wider range of machines that can be controlled from a single console.

GFI EndPointSecurity can also be installed on a workgroup environment. If this option is used, GFI EndPointSecurity monitors only the machines that are members of the same group.

In this scenario, local groups need to be created on the GFI EndPointSecurity machine. The same groups need to be created also in the monitored machine so that permissions can be granted.

For more information refer to Configuring access permissions on workgroups.