By default, user groups cannot access restricted agents. You need to prevent a specific user group from authenticating on a restricted agent only if you have previously allowed that user group access.
If you a deny a user group access to an agent, you also disable the ability for the user to authenticate on the agent with a logon alias. While all users in adeployment can authenticate on unrestricted agents, users who belong to groups that are associated with logon aliases cannot authenticate with an alias once this access is revoked.
In the Security Console, click Access > Authentication Agents > Manage Existing.
Click the Restrictedor Unrestrictedtab.
Use the search fields to find the agent to which you want to revoke access or disablelogon aliases.
Click the agent to which you want to revoke access, and do one of the following:
For restricted agents, select User Groups with Access.
For unrestricted agents, select Enabled Logon Aliases.
Select the checkbox next to the user groups whose access you want to revoke or whoselogon alias you want to disable.
Do one of the following:
For restricted agents, click Deny Access to User Groups.
For unrestricted agents, click Disable Aliases Associatedwith User Groups.