4.0 Configuring Logon Filter

Logon Filter is a component that you must install on the Domain Controllers. It allows to update the group membership temporarily if you login with Advanced Authentication Windows Client. The change in member does not reflect in Active Directory Users and Computers. The Logon Filter can be used to prevent users to login without the Advanced Authentication Windows Client or to delegate specific permissions when user uses a specific chain.

NOTE:To check the group membership, run the following power shell command:

WHOAMI /GROUPS

The following diagram illustrates the architecture of the Logon Filter.

This chapter contains the following sections:

Configuring the Logon Filter
Configuring to Prevent Login Without the Windows Client Installed
Securing Access to File Share on Windows Using the Logon Filter