Filters
The filters are used by the logon script to determine if the actions in the action set should be executed.
There are two types of filters, "normal" filters (referred to as filters) and boolean filters. A normal filter takes a name as input, for example a name of a security group or a username, where as boolean filters just validates to true or false.
Normal filters
The following filters are available (filter names are shown in parentheses after the description):
- Active Directory security group membership filter (group)
- Current username filter (user)
- Current computer name filter (computer)
- Authenticating domain controller filter (domaincontroller)
- Current domain controller site filter (site)
Boolean filters
The following boolean filters are available (filter names are shown in parentheses after the description):
- Test whether the user is logging in to a server directly
- Test whether the user is logging in to a RDP session
- Test whether the user is logging in to a Citrix session
Conditions
Each filter has a condition ("and", "or", "not"), so combinations of filters is possible.
A few important notes about conditions:
- The default filter condition is "and".
- If a filter with a "not" condition evaluates to true, no actions will be executed, no matter if the previous filters evaluated to true.
Examples
Example 1: Target everybody
If no filterSet section is defined in an action set, everybody who runs the scripts will have the actions defined applied.
<actionSet> <actions> <!-- actions go here --> </actions> </actionSet>
Example 2: Target members of a single security group
This example demonstrates how to target every member of the security group "Management".
<actionSet> <filterSet> <filter type="group" name="Management" /> </filterSet> <actions> <!-- actions go here --> </actions> </actionSet>
Example 3: Target members of one or more security group
This example demonstrates how to target every member of the "Management" or the "Administration" security group.
<actionSet> <filterSet> <filter type="group" name="Management" /> <filter condition="or" type="group" name="Administration" /> </filterSet> <actions> <!-- actions go here --> </actions> </actionSet>
Example 4: Target members of two security group
This example demonstrates how to target every member of the "Management" and the "Administration" security group.
<actionSet> <filterSet> <filter type="group" name="Management" /> <filter condition="and" type="group" name="Administration" /> </filterSet> <actions> <!-- actions go here --> </actions> </actionSet>
Example 5: Target members of single security group who is not logging in to a Citrix session
This example demonstrates how to target every member of the "Administration" who is not logging in to a Citrix session.
<actionSet> <filterSet> <filter type="group" name="Administration" /> <boolFilter condition="not" type="isICASession" /> </filterSet> <actions> <!-- actions go here --> </actions> </actionSet>