Which of the following is NOT a feature of a group in Active Directory?

The statement about groups being used to enhance security on local machines is not a feature of groups in Active Directory. In Active Directory, groups are primarily utilized for managing user permissions and rights rather than directly enhancing security on local machines. While groups can certainly help consolidate access control and simplify the process of granting permissions to multiple users at once, their role is more about managing permission sets rather than focusing specifically on local machine security.

Conversely, the other features mentioned—like allowing the assignment of permissions, containing users from multiple domains, and providing a single point of management for user accounts—are all established functionalities of groups in Active Directory. Assigning permissions through group memberships is a foundational aspect of Active Directory, allowing administrators to manage access controls effectively. Additionally, groups can include users from different domains within a forest, facilitating a broader management scope. Lastly, groups streamline administrative tasks by consolidating user management, making it easier to apply policies or permissions collectively rather than individually. These elements underscore the fundamental purpose of groups within Active Directory, making the assertion regarding local machine security not applicable within the context of group features.