This configuration parameter specifies the users that cannot be prevalidated to access the local UNIX computer. If you allow any groups or users to be prevalidated, you can use this parameter to define exceptions for any users who should be prevented from prevalidation. In most cases, you would use this parameter to exclude a subset of users that are members of an allowed group. For example, to allow all users in the admins group except the users jorge and maurice who are members of the admins group to be prevalidated, you could set the allow and deny parameters like this:

adclient.prevalidate.allow.groups: admins
adclient.prevalidate.deny.users: jorge,maurice

In most cases, you set this configuration parameter using group policy.

If you are manually setting this parameter, the parameter value must be a comma-separated list of UNIX user names. Enclose user names with spaces in double quotes, for example:

adclient.prevalidate.deny.users: jesse,rae,tai,"sp1 user"