When deploying Desktop App (v3.x.x+) or Desktop Sync (v9.1.x+), administrators can define a list of Active Directory domains that machines need to be joined to in order to use either app. This allows admins to control deployments of both applications to ensure they are only used on devices joined to known domains.
If the Desktop App or Desktop Sync is installed on a computer that is not joined to one of the specified domains, users will see the following message when they attempt to connect or sync.
Sync is not permitted on this machine as it's not joined to an authorized domain.
The message will persist until the user's machine is joined to one of the white-listed domains or if the list of domains is updated in the cloud.
The AD domain is checked every 15 minutes and upon login to ensure the device is on one of the specified whitelisted domains. If the device is being used on a computer that is not joined to one of the specified domains, users' drives are removed and users are notified that their device is not authorized to connect to the specified Egnyte domain.
Enable Device Entitlement for the Desktop App and Desktop Sync
You can enable device entitlement for the Desktop App and Desktop Sync by raising a support ticket to request for device entitlement to be turned on with the following information:
- name of your Egnyte domain - eg. acme.egnyte.com
- list of fully qualified domain names for which sync should be allowed - eg. acme.com,acme.co.uk
Note that turning on device entitlement will affect both Desktop Sync and the Desktop App.
To find AD domain information that you can supply on a specific device use the following commands:
Run the following command in a console window and look for domain name near the top of the resulting output:
Run the following command in a command prompt as an administrator on the machine to find the fully qualified domain name:
gpresult /scope computer /v
Device Entitlement on other clients
Device entitlement is also supported on our mobile clients.