Creating Group Keys for version 7.0 and above

I wish I understood the question, so I am going to give some general explanation. 

First: Groups

There are 2 ways to get groups into SafeGuard Enterprise.

One method is to import them from the Active Directory, the other is to create them in SafeGuard Management Center.

It sometimes makes sense to create groups in the SafeGuard Management Center, to prevent a domain administrator adding people to groups with keys to sensitive material.

Second: Group Keys

SafeGuard Management Center can create keys automatically when importing groups. However, it makes sense, to NOT CREATE KEYS automatically when importing groups from AD, or else you will end up with a lot of keys that will never be used, but fill up the database and, maybe worse, make for a long, long list of keys in the end user key ring.

I recommend to always right-click a group, and assign a key, independent of where the group came from.

Third: Group Membership

The advantage of using AD-imported groups in SafeGuard Enterprise is that management of group membership can be still done by the domain admin, the disadvantage is that users can be added that shouldn´t be.

The advantage of creating groups in SafeGuard Management Center is that Security Officers control group membership, which is at the same time the disadvantage.

So, for eg. Marketing I use a group imported from the AD, for HR I use a group managed in SafeGuard Enterprise.

This only works of course when you are able to apply separation of duties, so the domain admins can´t manage keys, and the security officers can assign access rights.