Account Filters

Account filters specify the users and groups the Workstyle are applied to.

When a new Workstyle is created, a default account filter is added to target either Standard users only, or Everyone (including administrators), depending on your selection in the Workstyle Wizard.

Configure Account Filters

  1. On the Filter tab, click Add a filter.
  2. Click Add an Account Filter > Add a new account.
  3. Select the following to add groups:
    • From Local or Domain AD: Add an account or group name on the AD object dialog box. Enter the name and click Check Names to validate.
    • From Microsoft Entra ID: Add a group name on the Select Groups from Microsoft Entra ID dialog box. Enter the name and click Check Names to validate.
  4. The group name is underlined when the name matches on an Active Directory or Microsoft Entra ID group name. Otherwise, an error message is displayed.

When no filters exist on a Workstyle, it applies to all. Microsoft Entra ID group filters depend on Endpoint Privilege Management for Windows agent version 21.1 or later. Earlier Endpoint Privilege Management for Windows agent versions ignore Microsoft Entra ID filters.

Domain and well known accounts display a Security Identifier (SID). The SID is used by Endpoint Privilege Management for Windows, which avoids account lookup operations. For local accounts, the name is used by Endpoint Privilege Management for Windows, and the SID is looked up when the Workstyle is loaded by the client. Local Account appears in the SID column of the accounts list for local accounts.

By default, an account filter applies if any of the user or group accounts in the list match the user. If you have specified multiple user and group accounts within one account filter, and want to apply the Workstyle only if all entries in the account filter match, then check the option All items below should match.

You can add more than one account filter if you want the user to be a member of more than one group of accounts for the Workstyle to be applied.

If an account filter is added, but no user or group accounts are specified, a warning is displayed advising No accounts added, and the account filter is ignored.

If All items below should match is enabled, and you have more than one user account listed, the Workstyle never applies, as the user cannot match two different user accounts.