Target objects define the scope of a rule and the endpoints
to which a rule applies. An object can be one of the following:
A user defined in Active Directory.
evaluates the logged on user the moment the user logs on. As a result,
Traps will apply the policy of the logged on user regardless of the
account used to open or run files.
The name of a computer or mobile device
defined in Active Directory.
names may be offered as autocompletions even if they are not presently
A user group defined in Active Directory.
Endpoint Security Manager does not support the following groups
in Active Directory:
If you rename any of these
groups in Active Directory, the ESM Console can present the group
as an option to which you can apply policy, however, the renamed
group is not supported.
AD Organizational Unit
A subdivision within Active Directory into
which you can place users, groups, computers, and other organizational
A computer or mobile device
on which the Traps agent is installed. The Endpoint Security Manager
identifies existing endpoints by communication messages it receives
from Traps agents.
A static or dynamic group whose membership
is defined by specific endpoint characteristics such as hostname
or IP address. To create an endpoint group, see Manage
For objects defined in Active Directory, the ESM Console provides
autocompletion as you type. Rules that you define for AD users and
AD groups will apply to those users and groups, regardless of the
endpoint on which they log in.
You can apply rules to all objects, to selected objects, or to
all objects except those in the Exclude list.