US12101305B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12101305-B2 |
| Application number | US-202017015244-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 9, 2020 |
| Priority date | Dec 9, 2016 |
| Publication date | Sep 24, 2024 |
| Grant date | Sep 24, 2024 |
Official abstract text for this publication.
Various examples for managing a client device having multiple enrolled user accounts thereon are described. A computing device is directed to store a mapping of a client device to a plurality of user accounts active. The computing device communicates remotely with a management application on the client device to identify an active one of the user accounts from an operating system of the client device. In response to receipt of information associated with a first one of the user accounts active on the client device, the computing device enrolls the first one of the user accounts with a management service in association with the client device. In response to receipt of information associated with a second one of the user accounts active on the client device, the computing device enrolls the second one of the user accounts with the management service in association with the client device.
Opening claim text (preview).
Therefore, the following is claimed:
1. A system, comprising: at least one server computing device; and program instructions stored in memory and executable in the at least one server computing device that, when executed, direct the at least one server computing device to: store, in memory, a mapping of a plurality of identifiers to a plurality of user accounts of a management service, wherein an identifier uniquely identifies both a client device identifier and an individual user identifier of the client device, wherein the client device is shared among multiple users; communicate remotely with a management application on the client device, wherein the management application is configured to identify an active one of the user accounts of the management service based on user information obtained from an operating system of the client device using an application programming interface (API) provided by the operating system to query the operating system to identify at least one of a user login event or an active user of the operating system, wherein the user information comprises an operating system user identifier to the operating system of the client device, wherein an individual user associated with the active one of the user accounts of the management service is identified from the operating system user identifier to the operating system; in response to receipt of an operating system identifier associated with a first one of the user accounts active on the client device, enroll the first one of the user accounts with the management service in association with the client device, wherein the management service is configured to manage operation of the client device based on the identifier associated with both the client device identifier and the individual user identifier; and in response to receipt of an operating system identifier associated with a second one of the user accounts active on the client device, enroll the second one of the user accounts with the management service in association with the client device.
2. The system of claim 1, wherein the mapping stored in memory comprises a user account identifier that uniquely identifies a corresponding one of the user accounts, the operating system user identifier, and a device identifier that uniquely identifies the client device.
3. The system of claim 1, wherein the at least one server computing device is further directed to: in an instance in which the first one of the user accounts is enrolled with the management service and the first one of the user accounts is active on the client device, manage the client device using a first configuration profile for the first one of the user accounts; and in an instance in which the second one of the user accounts is enrolled with the management service and the second one of the user accounts is active on the client device, manage the client device using a second configuration profile for the first one of the user accounts.
4. The system of claim 1, wherein: the first one of the user accounts is enrolled with the management service using the identifier, wherein the identifier comprises a domain and a user handle identified from a first login of the first one of the user accounts on the client device, and a unique device identifier that uniquely identifies the client device; and the second one of the user accounts is enrolled with the management service using a second identifier, wherein the second identifier comprises a domain and a user handle identified from a second login of the second one of the user accounts on the client device, and the unique device identifier.
5. The system of claim 4, wherein the unique device identifier is obtained from a registry of the client device.
6. The system of claim 1, wherein the active one of the user accounts is determined to not be a staging user account based at least in part on a current user identified from the operating system of the client device.
7. A computer-implemented method, comprising: storing, in memory of a server computing device, a mapping of a plurality of identifiers to a plurality of user accounts of a management service, wherein an identifier uniquely identifies both a client device identifier and an individual user identifier of the client device, wherein the client device is shared among multiple users; communicating remotely, by a server computing device, with a management application on the client device to identify an active one of the user accounts of the management service based on user information obtained from an operating system of the client device, wherein the user information comprises an operating system user identifier to the operating system of the client device using an application programming interface (API) provided by the operating system to query the operating system to identify at least one of a user login event or an active user of the operating system, wherein an individual user associated with the active one of the user accounts of the management service is identified from the operating system user identifier to the operating system; in response to receipt of an operating system identifier associated with a first one of the user accounts active on the client device, enrolling the first one of the user accounts with the management service in association with the client device, wherein the management service is configured to manage operation of the client device based on the identifier associated with both the client device identifier and the individual user identifier; and in response to receipt of an operating system identifier associated with a second one of the user accounts active on the client device, enrolling the second one of the user accounts with the management service in association with the client device.
8. The computer-implemented method of claim 7, wherein the mapping stored in memory comprises a user account identifier that uniquely identifies a corresponding one of the user accounts, the operating system user identifier, and a device identifier that uniquely identifies the client device.
9. The computer-implemented method of claim 7, further comprising: in an instance in which the first one of the user accounts is enrolled with the management service and the first one of the user accounts is active on the client device, managing the client device using a first configuration profile for the first one of the user accounts; and in an instance in which the second one of the user accounts is enrolled with the management service and the second one of the user accounts is active on the client device, managing the client device using a second configuration profile for the first one of the user accounts.
10. The computer-implemented method of claim 7, wherein: the first one of the user accounts is enrolled with the management service using the identifier, wherein the identifier comprises a domain and a user handle identified from a first login of the first one of the user accounts on the client device, and a unique device identifier that uniquely identifies the client device; and the second one of the user accounts is enrolled with the management service using a second identifier, wherein the second identifier comprises a domain and a user handle identified from a second login of the second one of the user accounts on the client device, and the unique device identifier.
11. The computer-implemented method of claim 10, wherein the unique device identifier is obtained from a registry of the client device.
12. The computer-implemented method of claim 7, wherein the active one of the user accounts is determined to not be a staging user account based at least in part on a curre
Task life-cycle, e.g. stopping, restarting, resuming execution (G06F9/4881 takes precedence) · CPC title
involving the movement of software or configuration parameters (network booting or remote initial program loading [RIPL] G06F9/4416) · CPC title
Protecting access to data via a platform, e.g. using keys or access control rules · CPC title
Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems · CPC title
during program execution, e.g. stack integrity {; Preventing unwanted data erasure; Buffer overflow} · CPC title