Endpoint User Group functionality and computer accounts

book

Article ID: 160150

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

You are configuring Endpoint User Groups to work with the DLP Endpoint Agent, and you need to know whether you can use groups that contain Active Directory computer accounts.

Resolution

The DLP Endpoint Agent only evaluates groups that contain the user account that is currently logged on. It does not perform a search for the Active Directory computer account of the machine where the agent is installed, or match against groups that contain computer accounts.

You should make sure that when configuring endpoint user groups, you select a Base DN and group objects that contain the user accounts of the endpoint users you wish to search for.