Manage Login Filters

Specify the users and groups allowed to log in to the system. With this policy, you can explicitly list either:

Users and groups who are allowed to log in (all other users and groups are denied)
Users and groups who should be denied access (all others are allowed)

When you enable this policy, you can select either the allow or deny option, then specify a list of user names, a list of group names, or both.

You can specify a list of users or groups in either of these ways:

Enter a comma-separated list of users, groups, or both in the appropriate text boxes.
Click the List button, then Add, to browse for and select users or groups to allow or deny.

Depending on your selections when you configure this group policy setting, the policy can modify any of the following configuration parameters in the agent configuration file:

pam.allow.groups

pam.allow.users

pam.deny.groups

pam.deny.users

This group policy does not support one-way, cross-forest groups.