Non-Managed Local Users in Group Management

This feature allows for group management of local users that are not managed by Privilege Manager.

When users are added to a group, the modal indicates whether their status is managed or not managed.

To create an un-inventoried local user to add to a group, select Local User (Manual Entry).

The new view of a Group Management Policy is below.

Notice that both Harry Otter and kermit are local users on machines in this Computer Group. However, the kermit account is managed by Privilege Manager and Harry Otter is not.

Even though the Harry Otter account is not managed by Verify Privilege Manager, its group membership can still be set to Ignore if found or Add if missing. This lets Privilege Manager administrators manage the account in a Group Management Policy without having to manage (or provision) that local user on all machines in the Computer Group. If the unmanaged local user is set to Add if missing, the user is added to the local group only on the machines where this local user already exists.

This functionality is only available when All Other Users and Groups is set to Ignore if found.

When All Other Users and Groups is set to Remove if found, Group Management requires exact membership: the membership definitions will be the same for all machines in this Computer Group. In this mode, each individual user's membership must be specifically defined, and group management of unmanaged local user accounts is not allowed. Local users must be managed by Verify Privilege Manager (which provisions the account on all machines in the Computer Group) to have their local group membership defined.

Notice that the unmanaged local user (Harry Otter) defaults to Remove if found when All Other Users and Groups is set to Remove if found.
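The rules above can be checked against a small model. This is an added example, not Privilege Manager code: `Entry`, `resolve` and `apply_policy` are hypothetical names, and the machines and the `svc-backup` and `old-admin` accounts are constructed sample data. It shows the resulting local group membership per machine under each setting of All Other Users and Groups.

```python
from dataclasses import dataclass

IGNORE, ADD, REMOVE = "Ignore if found", "Add if missing", "Remove if found"

@dataclass(frozen=True)
class Entry:
    name: str
    managed: bool  # True: account is provisioned by Privilege Manager
    action: str

def effective_action(entry, others_action):
    # Exact-membership mode: an unmanaged local user defaults to Remove if found.
    if others_action == REMOVE and not entry.managed:
        return REMOVE
    return entry.action

def resolve(entries, others_action, local_accounts, members):
    """Membership of the local group on one machine after the policy applies."""
    listed = {e.name for e in entries}
    # Unlisted members stay under Ignore if found, go under Remove if found.
    result = {m for m in members if m in listed or others_action == IGNORE}
    for e in entries:
        action = effective_action(e, others_action)
        if action == REMOVE:
            result.discard(e.name)
        elif action == ADD and (e.managed or e.name in local_accounts):
            # Managed accounts exist on every machine; unmanaged ones are
            # added only where the local account is already present.
            result.add(e.name)
    return result

def apply_policy(machines, entries, others_action):
    return {host: resolve(entries, others_action, m["accounts"], m["members"])
            for host, m in machines.items()}

# Constructed sample data: two machines in one Computer Group.
MACHINES = {
    "PC-01": {"accounts": {"kermit", "Harry Otter", "svc-backup"},
              "members": {"svc-backup"}},
    "PC-02": {"accounts": {"kermit", "old-admin"}, "members": {"old-admin"}},
}
POLICY = [Entry("kermit", True, ADD), Entry("Harry Otter", False, ADD)]

if __name__ == "__main__":
    for mode in (IGNORE, REMOVE):
        print(mode, apply_policy(MACHINES, POLICY, mode))
```

With Ignore if found, membership differs per machine and the unlisted accounts keep their membership; with Remove if found, every machine ends up with the same group membership.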