Target Groups

Target groups refer to the set of devices on which particular Privilege Manager rules are applied. You can choose to build a broad target group that includes all or most devices in your environment. You can also build target groups that direct rules to a subset of devices, or even to a single device. Target groups can be based on Active Directory domains, organization units, groups, single agents, and single devices. They can also be built from Azure Active Directory tenants, groups, single agents, and single devices.

During your initial Privilege Manager setup, you create target groups by choosing devices. After defining your default Privilege Manager configuration, you can view, add, edit, and delete the target groups that will follow your management rules on the Target Groups page. This is also where you can edit client settings, including passwords, associated with a target group.

View Target Groups

To view target groups in your Recast Management Server, navigate to Privilege Manager > Configuration > Target Groups.

The table lists each target group and its priority level. The list is searchable, and can be sorted by table headings. You can also export the list to a CSV file.

Click on a target group that doesn't include all devices to view details about the selected target group. 

Details shown:

  • Actions available for the target group (edit and/or delete)
  • Type of target group (user group or device group)
  • Name of groups that belong to the target group

Add Target Groups

To add a target group:

1. On the Target Groups page, click Add Target Group.

Edit Target Groups

To edit a target group:

1. On the Target Groups page, click the Edit icon to the right of a target group name.

Delete Target Groups

To delete a target group:

1. On the Target Groups page, click the Delete icon to the right of a target group name and confirm the deletion.

Edit Client Settings

To edit client settings for a target group:

1. On the Target Groups page, click the Settings icon (cogs) to the right of a target group.

2. In the side panel that opens, you can change any of the following default client settings:

General Settings

  • Update settings interval: Default is 60 minutes 
  • Allowed time tolerance: Default is 10 minutes
  • Manage hybrid devices from Azure Active Directory
    • Allow processing cached rules in offline
    • Allow processing cached rules after update error
    • Debug mode

Credential Provider Settings

  • Usage scenario:
    • Allow 'Use activation code' method
    • Allow 'Run with Local Account' method
    • Allow 'Run with Domain Account' method
  • Default method: Default is 'Run with Local Account'
  • Timeout: Default is 30 seconds

Local Password Settings

  • Characters allowed in passwords
  • Length of password: Default is 16 characters
  • Re-Generate Interval: Default is to re-generate passwords every 7 days

After making any changes, click Save to update your client settings.