PropDenyGroup

HKLM\SOFTWARE\Microsoft\PswdSync\Domains\<pod-name>

Data type Range Default value
REG_SZ Windows NT user group PasswordPropDeny

Description

Excludes from password synchronization users in the group listed in this entry.

When the name of a valid Windows 2000 user group appears in this list, the service synchronizes passwords for all users except the members of that group. This entry lets you exclude from the service users who do not or should not log on to UNIX computers.

If the value of this entry does not contain the name of a existing user group and the default group, PasswordPropDeny, does not exist in your system, all of the system's users are considered to be clients and the service synchronizes all of their passwords. (If the system is running on a stand-alone computer, the service synchronizes the passwords of all local users. If the system is running on a domain controller, the service synchronizes the passwords of all users in the domain.)

Note Image Note

This entry does not appear in the registry unless you use the Password Synchronization Administrator to change the default value.

Tip Image Tip

If only a small subset of domain users need to have synchronized passwords, use PropAllowGroup, to identify that group of users. If all but a few users need to have synchronized passwords, use PropDenyGroup to identify the group of excluded users.

To create a Windows user group, use Active Directory Users and Computers.

Related Entries

Page Image