User and group-based policies are not applied

If Filtering Service is applying computer or network policies, or the Default policy, to Internet requests, even after you have assigned user or group-based policies, or if the wrong user or group-based policy is being applied, use the following steps to pinpoint the problem:

  • If you are using nested groups in Windows Active Directory, policies assigned to a parent group are applied to users belonging to a sub-group, and not directly to the parent group. For information about user and group hierarchies, see your directory service documentation.
  • The User Service cache may be outdated. User Service caches user name to IP address mappings for 3 hours. To clear and recreate the cache, go to the User Service Cache section of the Web > Settings > General > Directory Services page in the Forcepoint Security Manager, and then click Clear Cache.
  • User Service may have been installed using the Guest account, which the domain controller treats as equivalent to an anonymous user. If the domain controller is configured not to provide the list of users and groups to an anonymous user, User Service cannot download the list. See Changing DC Agent, Logon Agent, and User Service permissions.

If none of these steps addresses your issue, check the following topics, or search support.forcepoint.com for additional information.

  • Directory service connectivity and configuration
  • Directory service configuration
  • User identification and Windows Server