Desktop Authority uses Validation Logic to determine whether a profile or configuration element should be executed on a client machine. These validation rules are inspected during the logon process. If the validation rules match the client’s environment, the profile and/or the configuration element is processed. If the client environment does not meet the specified validation logic rules, the profile and/or configuration element is not processed.
IF
The IF operator is used to define the initial rule with a validation variable. The IF operator will be assigned automatically to the first Validation Logic rule you create.
Example Rule:
“IF the user is a member of the Domain Users group this element will validate.”
IF | Group | DomainName\Domain Users |
OR
The OR operator is used to define an additional validation variable that is not linked to the IF rule. This operator is used when more than one variable is required and at least one variable needs to be true to validate.
Example Rule:
“IF the user is a member of the Domain Users group OR the Domain Admins group this element will validate.”
IF | Group | DomainName\Domain Users |
OR | Group | DomainName\Domain Admins |
AND
The AND operator is used to define an additional validation variable that is linked to the IF rule. This operator is used when more than one variable is required and all variables must be true to validate.
Example Rule:
“IF the user is a member of the Domain Users group AND the Domain Admins group this element will validate.”
IF | Group | DomainName\Domain Users |
AND | Group | DomainName\Domain Admins |
NOT
The NOT operator is used in addition to the IF and AND operators. This cannot be used with an OR operator.
To configure, select the NOT checkbox above the input field when selecting the validation variable.
IF NOT
The IF NOT operator is used to define the initial rule with a validation variable but as a delimiter.
Example Rule:
“You will validate IF NOT a member of the group Domain Users.”
IF NOT | Group | DomainName\Domain Users |
AND NOT
The AND NOT operator is used to define an additional variable that is linked to the IF rule but as a delimiter. This operator is used when more than one variable is required where a variable must be true and one must not to validate.
Example Rule:
“IF the user is a member of the Domain Users group AND NOT the Domain Admins group this element will validate.”
IF | Group | DomainName\Domain Users |
AND NOT | Group | DomainName\Domain Admins |
Complex/Large Rules
You can configure complex or large rule sets in Validation Logic, although you may consider creating multiple elements or additional Active Directory groups instead, in order to make configuration easier.
You cannot create:
IF, OR, AND
IF, AND, OR
IF, OR NOT
You can create:
IF, AND, AND…
IF, OR, OR…
IF, OR, OR…, AND NOT, AND NOT…
IF, AND, AND …, AND NOT, AND NOT…
Example
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center