Managed group rule allows you to add a specified member to selected local group on selected target.
- Rule target
You can see what will be the management level (see more information about management levels from Managed groups) and target for the new rule. Verify that you are adding the new rule to a correct management level and target. - Select group
Select local group from dropdown list. This will be the local group in target computer(s) where specified member will be added. Selected local group must exist on the target computer(s) for rule to be applied on target computer(s). If selected local group does not exist on target computer(s) then rule will not affect these computers but error log event will be written to Carillon Client log. - Select category
Select category from dropdown list. Category filters selections on Select predefined or custom member dropdown list. By default there is one built-in System category that filters list to show built-in users (like local Administrator account, everyone etc.). In addition to System built-in category there is always (none) available on category dropdown list. This filters list to show additional local users that has been created without specifying a category. Other categories can be available in the dropdown list if additional categories has been created (see more information from Create category).Selecting other category filters list to show local users that has been created in this category. - Select predefined or custom member
Select predefined built-in user account or local user from the dropdown list. Always use built-in user (shown when System category is selected) when possible because predefined built-in users are detected on computers using SID of the account. This will make sure that operating system language or renamed built-in user does not affect applying the management rule on target computer(s). For example when adding local built-in Administrator account to managed local group, use always System category and Administrator predefined built-in user as a member. This makes sure that management rule will work on different operating system language versions.
When predefined member is selected, search and member name fields are disabled.
There is always Custom member as first item on dropdown list. When custom member is selected you will need to search or specify the member that needs to be added to local group. This selection makes search and member name fields available for you to specify the member. Use this selection always when you need to add members from on-premises Active Directory. - Search for member from on-premises Active Directory
You can use search from on-premises Active Directory to populate Custom member name field. If custom member is local user you do not need to select domain, just specify custom member to Custom member name field. You do not need to search custom member from on-premises Active Directory, you can also specify the custom member directly to Custom member name field. Searching custom member from on-premises Active Directory helps you to get correct member name format for custom member.
This field is available only if Custom member is selected. For more information about using search controls see Active Directory search. - Custom member name
Use Search for member from Active Directory to automatically populate this field or type in the custom member name manually. If you specify custom member name manually use 'DOMAIN\account name' format for domain based custom members. For local user custom members use 'account' format.
This field is available only if Custom member is selected. - Specify display name
If you want to show custom member with different name on Centero Carillon portal, specify a display name for the custom member.
This field is available only if Custom member is selected. - Validity time
Select if you want to managed group rule to be valid only for a specified time. Also specify validity time. Maximum validity time is specified by Centero Carillon Administrator.
This field is available only if enabled by Centero Carillon administrator. - Rule status
Select if managed local group rule is enabled or disabled. When rule is enabled it will be applied to target computer(s). When all rules for managed local group are disabled for target computer then this target computer is in reporting mode. Then only reports of local groups and users will be sent to Centero Carillon database. If any of the disabled managed local group rules is enabled then local group will be changed to managed, even if rest of the managed local group rules are still disabled!
