Using User Context Filters
User Context Filters are used in a policy as either an
- inclusion filter, to specify that the policy only applies to users in a specific AD Group.
- exclusion filter, to specify that the policy applies to everyone, except the users in a specific AD Group.
The User Context Filters are part of the Application Filter templates.
This filter is available for all supported OSs.
On-Premise
For Privilege Manager on-premises, the User Context Filter can be used after the Active Directory synchronization completes. When creating or editing the filter, any of the following information can be specified to identify the user context.
If you need to modify any items within Privilege Manager, duplicate the item and modify the duplicate instead of the built-in item so that an upgrade does not overwrite it.
- Built-in Accounts: Use Add, then select a resource and click Select.
- Local Account Names: If entering multiple account names, each entry must go on a new line.
- Local UIDs: If entering multiple UIDs, each entry must go on a new line.
- Local Group Names: If entering multiple local group names, each entry must go on a new line.
- Domain User Groups: Refer to the "Leveraging the User Context Filter for NoMAD" topic below.
- Select if ALL conditions must be met. Leave the box unchecked to match ANY. You can also specify if accounts must be enabled to be targeted. This is an important checkbox to set if specific users have been added.
- Click Save Changes to save any customization of the filter.