Documentation forAccess Rights Manager

Blacklist - exclude users and groups from use

Determine which users and groups are excluded from usage within Access Rights Manager for granting and removing access.


Add entries to the blacklist

  1. You can determine which domain is searched based upon the login credentials. By default the credentials from the basic configuration are used.
  2. When searching for users and groups a "live-request" is sent to the Active Directory. This search works independently of existing AD scans. Legacy 8MAN licensing: The search only works in licensed domains.

Available search options:

  • If no domain is entered into the search field, the domain is selected based upon the credentials.
  • If a domain is entered (for example: domain2\another.user"), Access Rights Manager will search that domain (domain2).


To add a user or group to the blacklist you can:

  • Double-click
  • Use drag&drop
  • Right-click on the object and select from the context menu
  • Use the green plus icon


Remove entries from the blacklist

Filter the entries and remove the desired entry by

  • right-clicking on the object and selecting from the context menu,
  • drag & drop onto the recycle bin icon or
  • the red X icon.

Please note that default entries with the "internal" type can not be removed.


Restore default blacklist entries

In factory settings the blacklist contains 39 default entries. These are Microsoft built in/predefined accounts and should not be used in conjunction with Access Rights Manager.

You are able to remove and restore the entries with the green dot. This may be required if you need to remove "Everyone" access rights, for example.

When restoring the blacklist only the removed standard entries are added again. Any individual additional entries remain stored in the blacklist.


"Internal entries" are marked with a lock and gray font and can not be removed.