Computer Conditions

These conditions target individual computers or groups of computers using various identifiers. Rules can be applied to a computer regardless of who is using it. The Application Control agent checks the specified criteria against that of the managed computer and applies any associated conditions to the computer or group of computers.

Computer Group conditions are not evaluated when working offline.
As an alternative, Device Rules apply to offline Computer Group memberships (applies to Application Control 2020.1 and later).

Condition Description
Is Laptop A condition to check whether the endpoint is a laptop. The agent checks the endpoint for a battery. If one exists, the condition returns true.
Computer Name A condition for a specific computer. Enter the computer name directly or search using specified criteria on selected locations.
Computer Domain A condition for a defined network of computers. Use the Name Resolution Type drop-down to specify whether the condition uses the DNS Domain or Windows Domain naming conventions. The domain entered in the Match field must be in the format used in your organization for the selected naming convention. For example, a DNS domain name is, whereas the Windows domain name is testing.
Computer NETBIOS Name A condition for a computer identified by its NETBIOS name.
Computer Group A condition based on a user group for a particular computer. The agent checks whether the specified active directory group or groups exist and compares the Security Identifier (SID) against the SID of the user’s computer for a match. The condition only matches computers in the specified group.
AAD Computer Group A condition based on a user group for a particular computer and only matches computers in the specified group.
Computer IP Address A condition based on an IP address entered into the Address field. A range of IP addresses can be defined using the Between option and the two Address fields.

For ranges, the IP address is not treated as a whole number but based upon the value of each octet. For example, if the range was from to, would pass but would not as the third octet is not within the set range.

MAC Address A condition defined by the Media Access Control (MAC) address of the network cards within a computer.
Operating System A condition that applies only when the specified operating system is matched. The operating system can be further defined by version, service pack, build number, edition, CPU architecture and Terminal Services enabled.

The Version text box provides a drop-down to select the operating system version. It also supports free text, allowing you to enter any RTM number. For example, if you wanted to specify Windows 8, enter the RTM number - 6.2.9200.

For Build Number, select a condition, such as Greater than or Equal to in the drop-down, then enter a build number in the field. You cannot include a dot character(.) in the build number. If the build number is 10240.17113, for example, you enter 10240. To ensure you have the correct build number, you can check the relevant Microsoft release information. For example, to view build numbers for Windows 10 releases, go to this Microsoft document.

Is VDI A condition which applies actions only when the endpoint is one of the following virtual desktops:
  • Xen Desktop 5
  • Xen Desktop 7
  • VMware view
  • Quest vWorkspace

For versions, please see Ivanti Community > Application Control Maintained Platforms Matrix

Related Topics