Synchronizing Local Users and User Groups

An administrator must manually import and synchronize local user and user groups to add them to the database, when the users and groups are not part of the existing domain. This can be done through the User Explorer module (when Application Control is set up) or the Synchronize Domain Members tool.

Prerequisites

You must ensure that:

  • Application Control is set up and licensed.
  • File groups are assigned for the target machine.

Restriction: Only an Enterprise Administrator can synchronize Novel Organization Units (OU) local user and user group domain information.

The Ivanti Device and Application Control database contains only domain users by default, therefore local users and groups must be added separately.

  1. In the Management Console, select View > Modules > User Explorer.
    The User Explorer window opens.
  2. Select the File Groups by User tab.
  3. In the Users, Groups, Computers and Domains panel, right-click to select a local computer on the Name column.
    A context menu appears.
  4. Select Synchronize Local Users/Groups from the context menu.
    The Ivanti Device and Application Control Management Console shows you an error message if the computer being synchronized is offline.
    The operation result appears in the Output window.

(Alternative) Using the Synchronize Domain Members Tool to Synchronize Local Users and User Groups

Prerequisites

You must ensure that:

  • Remote Registry service is running on the target computer.
  • File & Printer Sharing is enabled and opened in the firewall on the target computer.
  • User you want to synchronize has admin permissions on the local machine and is able to access c$ and admin$ from the SXS.
  • (Windows XP only) Simple File Share is disabled in Folder Options.
  • User you want to import has password credentials.
  • You know the domain the user belongs to.
  1. From the Management Console, select Tools > Synchronize Domain Members.
    The Synchronize Domain dialog opens.
  2. Enter the name of a domain.
  3. Click the Different user name option to authenticate to the network as a different user.
    The Connect As… dialog opens.
  4. Enter the user name, including domain name, for the local user of the computer you want to synchronize with the domain.
  5. Enter the password for the local computer user.
  6. Click OK.
    The Connect As… dialog closes.
  7. Click OK.
    The Synchronize Domain dialog closes.

The local user and user groups information is synchronized and imported to the database, confirmed by a message in the Output window of the Management Console.