I have a problem with the configuration of AD distribution groups. In our company, Host DLP rules are configured based on AD distribution groups. For example, the users that are allowed to use USB storage drives are assigned to an AD distribution group named "usb allowed", and the others are blocked from using USB storage. If I remove one of the users from the "usb allowed" distribution group in AD, the user is still not blocked. After one or two days, blocking becomes active.
I guess this issue is related to real-time queries on AD. Could you please advise how I can solve this issue?
It would all depend on your setup:
- Is this a laptop user?
- What is the policy refresh interval setting for your agents?
- Do you have multiple primary and secondary domain controllers within your AD environment?
E.g. 'after a one-day interval' suggests that the DLP policy is only getting refreshed after a reboot.
Have you tried logging the user out and back in again after removing them from the group? Sometimes AD security settings are not refreshed on the fly and only at user login.
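
A check for the multiple-domain-controller question raised above, as an added example that is not part of the original replies: it asks every domain controller whether the removed user is still listed in the group, so AD replication lag can be told apart from agent-side policy caching. It assumes the ActiveDirectory (RSAT) PowerShell module is available; the group name is the one from the question and the account name `jdoe` is a constructed placeholder.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and read access to AD.
Import-Module ActiveDirectory

$GroupName = 'usb allowed'   # group name as given in the question
$UserSam   = 'jdoe'          # constructed placeholder for the removed user

# Group membership is stored as distinguished names in the group's 'member' attribute.
$userDn = (Get-ADUser -Identity $UserSam).DistinguishedName

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    $row = [ordered]@{
        DomainController = $dc.HostName
        Site             = $dc.Site
        StillMember      = $null      # stays $null if the DC could not be queried
        GroupWhenChanged = $null
        Note             = ''
    }
    try {
        $group = Get-ADGroup -Filter "Name -eq '$GroupName'" -Server $dc.HostName `
                     -Properties member, whenChanged -ErrorAction Stop
        if ($null -eq $group) {
            $row.Note = 'group not found on this DC'
        } else {
            # Direct membership only; nested groups are not expanded here.
            $row.StillMember      = @($group.member) -contains $userDn
            # whenChanged is kept per DC, so it shows when this DC last saw a change.
            $row.GroupWhenChanged = $group.whenChanged
        }
    } catch {
        $row.Note = "query failed: $($_.Exception.Message)"
    }
    [pscustomobject]$row
}

# DCs that still list the user sort first.
$results | Sort-Object StillMember -Descending | Format-Table -AutoSize
```

If every domain controller reports `StillMember` as `False` while the user can still use USB storage, the delay is on the endpoint side (policy refresh interval or logon-time evaluation) rather than in AD replication.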