cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is it possible to use AD group as criteria for computers?

I can't figure out how to create a rule in MWG that affects computers belonging to a certain AD group. I have tried with Rule criteria "Authentication.UserGroups" but that one obviously only checks for users, not computers.
5 Replies
aloksard
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Is it possible to use AD group as criteria for computers?

Hi,

Hope you are doing well.

To filter based on system hostnames you can create a rule with criteria DNS.lookup.Reverse(IP) and in the parameters section -> Select parameter property as Client.IP

Configure reverse lookups up for system hostname, this completely depends on the DNS server, configured DNS server be able to get the A/host record of the system.

It is the DNS server configured on MWG which should be able to do reverse DNS lookup.

 

To filter based on the AD groups to which user belongs you can create a rule using property Authentication.UserGroups.

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

 

Regards

Alok Sarda

Re: Is it possible to use AD group as criteria for computers?

Hi Alok,

Thank you for your reply. But it wasn't exactly what I was hoping for.
I want to use an existing AD group where my computers already resides in. 

Regards

Peeter

swilkens1
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: Is it possible to use AD group as criteria for computers?

Since only the user is authenticating with the MWG via NTLM, only user-specific information will be available.

As such, it is not possible for MWG to obtain or utilize Active Directory Computer groups, only User groups and attributes.

Best,

Steven

fw_mon
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 6

Re: Is it possible to use AD group as criteria for computers?

not tested yet:

first get a computername via reverse DNS lookup as @aloksard described, then perform a LDAP lookup to get a OU name where this computername resides

Re: Is it possible to use AD group as criteria for computers?

OK,

Then I misunderstood @aloksard 's solution. I will try to reproduce this solution to our MWG.

Thanks 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community