After installing an agent, you configure the agent to control user access to protected resources. The following table describes how each agent configuration controls user access.
Who Can Authenticate
All users in the same deployment as the agent.
Less administrative burden because there is no need to configure an agent as a restricted agent, associate user groups with agents, or manage user membership of the user groups associated with the agent. However, you can grant a user group that is associated with a logon alias access to an unrestricted agent.
Members of any group directly granted access to the restricted agent.
Members of a group nested within a group granted access to the restricted agent.
Increases security because only a subset of users is allowed to authenticate to the agent, which allows you to limit access to specific network resources.
Restricted with group access time restrictions
Members of a group or nested group who authenticate during a specified time.
Further restricts access to the agent by prohibiting authentication outside of a specified time period.