Specify Group Names to Ignore

You can enter the list of local group names that aren't stored in Active Directory and separate each name with a space. The service will then use this list to disable looking up Active Directory account information for the specified groups. Ignoring this list of groups results in faster name lookups for system user accounts, such as tty and disk.

You can also specify a file that lists the usernames by entering the file: keyword and a file location. For example:

file:/etc/centrifydc/group.ignore

When you enable this policy, you can select the location where the group name list is populated. The default setting is "Populate group names to centrifydc.conf".

If you select "Populate group names to centrifydc.conf", this group policy modifies the nss.group.ignore setting in the DirectControl configuration (centrifydc.conf).

If you select "Populate group names to group.ignore", this group policy modifies the nss.group.ignore setting in centrifydc.conf as "file:/etc/centrifydc/group.ignore", and populates all configured group names to the group.ignore file. If you enter the file: keyword and a file location instead of the list of group names, this policy restores the ignore file /etc/centrifydc/group.ignore with the local list.

The selection of the populating location was added after DirectControl Agent version 5.6. If you're using version 5.5 or earlier, the agent ignores the population location setting and populates the user names to centrifydc.conf.