Enable this policy and enter a comma-separated list of groups that cannot be prevalidated for access Centrify-managed computers. If you allow any groups or users to be prevalidated, you can use this policy to define exceptions for any groups that should be prevented from prevalidation.
In most cases, you would use this policy to exclude a subset of users that are in a group that is a member of an allowed group. For example, you might want allow all users in the
admins group to be prevalidated, except the users who are members of the nested
outsource subgroup. To accomplish this, you would enable “Specify allowed groups for prevalidation” for the
admins group, then use the “Specify denied groups for prevalidation” policy to deny access to users who are members of the
This group policy modifies the following setting in the agent configuration file: