DLP 3.0 - User Assignment Groups and Active Directory
I have a question regarding User Assignment Groups as part of DLP Device Control (in ePO 4.5) and I need to know how this integrates/works with Active Directory.
I have a working Device Control solution, where I have device rules set up and then use the user assignment group to define how have access/blocked to the device. If I add a single AD user to the User Assignment Group I have created, apply the policy and test it then it works a treat! But when I want to add an AD group (list of users) into the User Assignment Group and add the user in AD, then go back and update the policy and then test - then the update does not appear to happen!
Is there a way that the User Assignment Group can be updated, to reflect the latest changes to this group (so that updates that have been added to the AD group are reflected to be added to the User Assignment Group aswell)?
I want to be able to manage my users through AD groups (add/delete etc.) and then for this to be reflected in DLP, so that the users will have the correct access to the device.
Re: DLP 3.0 - User Assignment Groups and Active Directory
Thanks for info.
I have done some additional testing and it appears that the AD user group is applied after about 1 hour (after I have added/removed users from the group), so it does appear to work.
However I was wondering if there is a setting in DLP / ePO that is able to configure it to syncronizing more often? As I would ideally want to be able to add users to an AD group and then for the settings to be applied to the users within minutes.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.