Allowing ThreatLockerService to Retrieve your AD Groups

Last update: 05.13.2026

In order for the ThreatLockerService to retrieve your Active Directory group memberships, the Domain Computers group must be added to the Windows Authorization Access Group and granted permission to read group membership information.

Steps for allowing ThreatLockerService to retrieve AD groups:

  1. Open Active Directory Users and Computers.
  2. In the left navigation pane, expand your domain and select the Builtin folder.
  3. From the View menu, enable Advanced Features.
  4. Locate and right-click Windows Authorization Access Group, then select Properties.
  5. Open the Members tab and select Add.
  6. In the "Enter the object names to select" field, enter: Domain Computers
  7. Select OK.
  8. Next, navigate to the Security tab.
  9. Under Group or user names, select Windows Authorization Access Group, then click Advanced.
  10. Highlight Windows Authorization Access Group and click Edit.
  11. Ensure that Applies To is set to 'This object and all descendant objects'.
  12. Under Properties, scroll down and enable 'Read Members'.
  13. Select OK on all open windows to save the changes.
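To confirm the result of the steps above without reopening the GUI, the following read-only PowerShell check can be run from a domain-joined admin workstation. It is an added example, not a ThreatLocker script; it assumes the RSAT ActiveDirectory module is installed, and the variable names are illustrative.

```powershell
# Added example (not from ThreatLocker). Read-only: makes no changes to AD.
# Assumes the RSAT ActiveDirectory module and a domain-joined session.
Import-Module ActiveDirectory

# schemaIDGUID of the 'member' attribute, shown as "Read Members" in the ACL editor
$memberAttr = [guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'

$waag = Get-ADGroup -Identity 'Windows Authorization Access Group'

# Steps 4-7: Domain Computers (well-known RID 515) must be a direct member.
$domainComputersSid = '{0}-515' -f (Get-ADDomain).DomainSID.Value
$isMember = [bool](Get-ADGroupMember -Identity $waag |
    Where-Object { $_.SID.Value -eq $domainComputersSid })

# Steps 8-13: an Allow ACE on the group object for the group itself that
# grants ReadProperty on 'member' (or on all properties) and applies to
# 'This object and all descendant objects' (InheritanceType = All).
$acl = Get-Acl -Path ('AD:\' + $waag.DistinguishedName)
$readProp = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
$ace = $acl.Access | Where-Object {
    $sid = $_.IdentityReference.Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
    $sid -eq $waag.SID.Value -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $readProp) -and
    ($_.ObjectType -eq $memberAttr -or $_.ObjectType -eq [guid]::Empty) -and
    $_.InheritanceType -eq 'All'
}

[pscustomobject]@{
    Group                   = $waag.DistinguishedName
    DomainComputersIsMember = $isMember
    ReadMembersAceFound     = [bool]$ace
    AceInherited            = @($ace | ForEach-Object { $_.IsInherited })
}
```

Both `DomainComputersIsMember` and `ReadMembersAceFound` should be `True` once the steps have been completed.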

Important

If the ThreatLocker Active Directory Sync Tool is already installed, the service must be stopped, removed, and reinstalled after updating these permissions.

For additional instructions, see: Setting up the Active Directory Sync Service | ThreatLocker Help Center

 
