Using User Context Filters

User Context Filters are used in a policy as either an

  • inclusion filter, to specify that the policy only applies to users in a specific AD Group.
  • exclusion filter, to specify that the policy applies to everyone except the users in a specific AD Group.

User Context Filters are part of the Application Filter templates listed for Windows, macOS, and Unix/Linux systems. Once a filter is created, its OS type is referenced.


This filter is available for all supported operating systems, with a couple of minor differences.

Windows

On Windows 10 endpoints, the filter ensures that Azure AD security groups can be targeted within Windows-based User Context Filters on computers that are only joined to Azure AD. Specifying the User Context by User or Group SID makes it possible to target an account (user or group) even if that account has not yet been inventoried in the server.


For Privilege Manager on-premises, the User Context Filter can be used after the Active Directory synchronization completes. When creating and editing the filter, add any of the following to specifically select user and group context:

  • Built-in Accounts
  • Well-known Accounts
  • Domain User Groups (you may need to run the Active Directory sync task to update available users and groups)
  • Specific Users
  • Local Account Names
  • Local Group Names
  • User SIDs
  • Group SIDs

Then set the All specified conditions must be met switch to Yes if ALL conditions must be met. Leave the switch set to No to match ANY.

You can also specify if accounts must be enabled to be targeted. This is an important checkbox to set if specific users have been added.

Refer to Using User Context Filters via SID to set up a User Context Filter via SID if Azure AD synchronization has not yet happened but the Group SID is known.
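
When only the Azure AD object ID of a group is at hand, its Group SID can be derived offline: Azure AD object SIDs have the form S-1-12-1- followed by the 16 GUID bytes read as four little-endian 32-bit integers. The following is an added example, not Privilege Manager code; the function names and the sample object ID are constructed for illustration.

```python
import re
import struct
import uuid

# Azure AD object SIDs use identifier authority 12 and first sub-authority 1.
AAD_SID_PREFIX = "S-1-12-1-"
_SID_RE = re.compile(r"^S-1-12-1-(\d+)-(\d+)-(\d+)-(\d+)$", re.IGNORECASE)


def object_id_to_sid(object_id: str) -> str:
    """Derive the SID of an Azure AD user or group from its object ID (GUID)."""
    guid = uuid.UUID(object_id.strip())  # raises ValueError on malformed input
    # bytes_le matches the Windows GUID byte layout; the SID's last four
    # sub-authorities are those 16 bytes read as little-endian uint32 values.
    parts = struct.unpack("<4I", guid.bytes_le)
    return AAD_SID_PREFIX + "-".join(str(p) for p in parts)


def sid_to_object_id(sid: str) -> str:
    """Recover the object ID from an S-1-12-1-* SID, e.g. to audit a filter."""
    match = _SID_RE.match(sid.strip())
    if not match:
        raise ValueError(f"not an Azure AD object SID: {sid!r}")
    parts = [int(p) for p in match.groups()]
    if any(p > 0xFFFFFFFF for p in parts):
        raise ValueError("sub-authority exceeds 32 bits")
    return str(uuid.UUID(bytes_le=struct.pack("<4I", *parts)))


if __name__ == "__main__":
    # Constructed sample object ID, not a real directory object.
    sample = "00000001-0002-0003-0405-060708090a0b"
    sid = object_id_to_sid(sample)
    print(sid)
    print(sid_to_object_id(sid))
```

The reverse function is useful when reviewing an existing filter: it rejects SIDs outside the S-1-12-1 range (for example built-in or on-premises domain SIDs) instead of returning a meaningless GUID.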

macOS

On macOS endpoints, the filter can be set up to target Domain User Groups when endpoints are integrated with NoMAD.

Refer to Leveraging the User Context Filter for NoMAD for macOS specifics of the User Context Filter.

Unix/Linux

Refer to User Context Filter under the Unix/Linux Filter section for Unix/Linux specifics of the User Context Filter.