NoteHKLM\SOFTWARE\Microsoft\PswdSync\Domains\<pod-name>
| Data type | Range | Default value |
|---|---|---|
| REG_SZ | Windows NT user group | PasswordPropDeny |
Excludes from password synchronization users in the group listed in this entry.
When the name of a valid Windows 2000 user group appears in this list, the service synchronizes passwords for all users except the members of that group. This entry lets you exclude from the service users who do not or should not log on to UNIX computers.
If the value of this entry does not contain the name of a existing user group and the default group, PasswordPropDeny, does not exist in your system, all of the system's users are considered to be clients and the service synchronizes all of their passwords. (If the system is running on a stand-alone computer, the service synchronizes the passwords of all local users. If the system is running on a domain controller, the service synchronizes the passwords of all users in the domain.)
Note
This entry does not appear in the registry unless you use the Password Synchronization Administrator to change the default value.
Tip
If only a small subset of domain users need to have synchronized passwords, use PropAllowGroup, to identify that group of users. If all but a few users need to have synchronized passwords, use PropDenyGroup to identify the group of excluded users.
To create a Windows user group, use Active Directory Users and Computers.
Related Entries
