Specify denied groups for prevalidation

Enable this policy and enter a comma-separated list of groups that cannot be prevalidated for access Centrify-managed computers. If you allow any groups or users to be prevalidated, you can use this policy to define exceptions for any groups that should be prevented from prevalidation.

In most cases, you would use this policy to exclude a subset of users that are in a group that is a member of an allowed group. For example, you might want allow all users in the admins group to be prevalidated, except the users who are members of the nested outsource subgroup. To accomplish this, you would enable “Specify allowed groups for prevalidation” for the admins group, then use the “Specify denied groups for prevalidation” policy to deny access to users who are members of the outsource group.

This group policy modifies the following setting in the agent configuration file: