search cancel

Endpoint User Group functionality and computer accounts


Article ID: 160150


Updated On:


Data Loss Prevention Endpoint Prevent


You are configuring Endpoint User Groups to work with the DLP Endpoint Agent, and you need to know whether you can use groups that contain Active Directory computer accounts.


The DLP Endpoint Agent only evaluates groups that contain the user account that is currently logged on. It does not perform a search for the Active Directory computer account of the machine where the agent is installed, or match against groups that contain computer accounts.

You should make sure that when configuring endpoint user groups, you select a Base DN and group objects that contain the user accounts of the endpoint users you wish to search for.