The Validation Logic Rules sub-tab in the Create Rule Wizard allows you to set additional parameters to target the rule. You can define whether the rule will run on computers with a prefix in the name, a group or IP address range, or a user currently logged in. For example, you can target the rule to computers belonging to OUs that end with DEPARTMENT and are in subnet 192.168.0.X, except for the IP address 192.168.0.1.
NOTE: Client Deployment Settings can only be targeted to specific computers and not to user accounts or groups.
Setting rule parameters
To set rule parameters using the Validation Logic Rules sub-tab in the Create Rule Wizard
-
Click Add to open the Add Validation Logic Rule window.
-
Select the type of rule:
Type of Rule |
Action |
---|---|
Computer Group |
Set a rule for one or several names, or partial names, of your Active Directory computer groups. Enter the NetBIOS name, for example: DERPA\DOMAIN CONTROLLERS |
User Group |
Set a rule for one or several names, or partial names, of your Active Directory user groups. The group membership value you enter will be compared against the groups that the user belongs to during the logon process and must match for the configuration to be processed. Enter the NetBIOS name, for example: DERPA\ADMINISTRATORS |
User Name |
Set a rule if specific users are logged into client computers. Enter the NetBIOS name, for example: DERPA\HELPDESK |
OU (Computer) |
Set a rule for names, or partial names, of computer-based OUs or the Computers container in your Active Directory. The OU value you enter will be compared against the OU the client computer belongs to during the logon process and must match for the configuration to be processed. Enter the fully qualified domain name (FQDN), for example: DERPA.DERPADEV.LOCAL\DOMAIN CONTROLLERS
|
OU (User) |
Set a rule for names or partial names of the user-based OUs or the Users container in your Active Directory. The OU value you enter will be compared against the OU the user belongs to during the logon process and must match for the configuration to be processed. Enter the FQDN, for example: DERPA.DERPADEV.LOCAL\USER ACCOUNTS
|
Computer Name |
Set a rule for computers with names or partial names. Enter the FQDN, for example: DERPA.DERPADEV.LOCAL\PASERVER |
IP Address Range (v4/v6) |
Set a rule for IP addresses or ranges of computers. |
Registry Key Exists |
Set a rule based on the registry keys on client computers. |
File Exists |
Set a rule for files on the client computer or on the network. Specify a file that must exist on the client computer or on the network in order for the rule to run, for example: \\ComputerName\SharedFolder\Filename.exe DriveLetter:\Filename.exe NOTE: On the Type tab of the Create Rule Wizard, check the User’s context will be used to resolve system and resource access check box to ensure that the rule will apply. |
Date and Time Range |
Define when a rule should start and/or stop being enforced.
Select the check boxes before the date and/or time fields in the Date Range / Time Range sections. In the Date Range and Time Range sections: |
User’s context will be used to resolve system and resource access to ensure that the rule will apply.
-
Specify the rule's parameters in the dialog window that will display on the right:
-
Use the common asterisk (*) and question mark (?) wildcards in the validation value, as necessary.
-
* : Stands for no or any number of any characters
-
? : Stands for a single character
-
-
Check the NOT check box to exclude the items specified from the rule.
-
For Computer Group, User Group, User Name, OU (Computer), OU (User), and Computer Name use one of the following options:
-
Use the Name field to specify the rule's value manually (see example values in the table above), and then click the button.
-
Use the Browse button to select the items available on your network. You can filter the items by the first letters. Wildcards are not supported in the Filter field.
The desired value will be added to the list. You may add as many rule values as necessary.
-
-
-
Click OK when you are finished specifying the settings within the rule type. The record will display in the main Validation Logic Rules list.
-
To add another Validation Logic rule, repeat the steps above.
-
Add or combine Validation Logic rules with AND or OR Boolean logic. By default, rules will combine with OR Boolean logic. To make the rule use the AND operator, select AND at the bottom of the Validation Logic Rules window.
-
To edit a rule setting:
-
Within the Validation Logic Rules list, double-click a rule value or click Edit.
-
Make changes in the dialog.
-
-
When finished specifying Validation Logic rules, click Next. If the Display Advanced Options check box has not been selected, complete the rule creation process.