You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If there were deny and allow rules in several GPO files (for example SeRemoteInteractiveLogonRight), we only work with the rule from the last processed GPO file.
If allow rules are used, it can result in users not being able to login.
If deny rules are used, this can result in users being able to login even if they are not supposed to.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/3161
If there were deny and allow rules in several GPO files (for example SeRemoteInteractiveLogonRight), we only work with the rule from the last processed GPO file.
If allow rules are used, it can result in users not being able to login.
If deny rules are used, this can result in users being able to login even if they are not supposed to.
Comments
Comment from dpal at 2016-08-30 21:24:50
Michal, let me know if you need help to brainstorm how to merge GPO data in the best way.
Comment from jhrozek at 2016-08-31 17:30:43
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1370255 (Red Hat Enterprise Linux 7)
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1370255 1370255]
Comment from mzidek at 2016-09-21 18:38:22
This ticket is not valid. What I though is a bug was expected behaviour.
resolution: => invalid
status: new => closed
Comment from mzidek at 2017-02-24 14:23:38
Metadata Update from @mzidek:
The text was updated successfully, but these errors were encountered: