Directory Membership Conditions
These conditions check Organizational Unit (OU) membership in Active Directory. Application Control connects to Active Directory and compares the OU specified in the condition with that of the current user or computer. If a match is made, any associated custom rules are applied. Match criteria are selected using the browse button that browses for OU containers. You must be a member of an Active Directory domain to browse for an OU container.
This condition can be used to ensure that only users in certain OUs can undertake certain actions.
Select the Include sub-OUs in match checkbox to search all sub-OUs of any specified OU. Without this checkbox selected, the sub-OUs are ignored and only the OU in question is included in the condition.
Condition | Description |
---|---|
User OU Membership | A condition based on a user’s membership of a specified OU. Select whether the condition should equal or not equal the entered OU or enter a query to apply the condition to OUs. |
Computer OU Membership | A condition based on a computer’s membership of a specified OU. Uses the same criteria as User OU Membership. |
Client Computer OU Membership | A condition based on the membership of a specified OU for a server based or virtual client computer. Uses the same criteria as User OU Membership. |
Site Membership | A condition based on the membership of a specific Active Directory Domain Site. This typically relates to an organization’s departments or a geographical location which hosts networks. Environment Manager interrogates the domain to locate sites, providing them for selection from the browse button in the Match field. To browse for sites, your location must be associated with an Active Directory domain. |
The OU name in the Match field for the User, Computer and Client Computer OU Membership conditions are case sensitive. OU names entered with incorrect case will not match.