[SSSD-users] Re: AD user is granted access when it should be denied

2019-10-11 Thread Michal Židek
On 10/10/19 11:43 AM, Emil Petersson wrote: Ok, thanks, that explains it. All I want is a way to make sure that a user whom I have not explicitly allowed access is denied. In other words... default behaviour for all logins should always be DENY, regardless of number of GPOs found. Obviously

[SSSD-users] Re: AD user is granted access when it should be denied

2019-10-10 Thread Emil Petersson
Ok, thanks, that explains it. All I want is a way to make sure that a user whom I have not explicitly allowed access is denied. In other words... default behaviour for all logins should always be DENY, regardless of number of GPOs found. Obviously, a GPO that does contain access control rule

[SSSD-users] Re: AD user is granted access when it should be denied

2019-10-10 Thread Michal Židek
On 10/3/19 10:28 AM, Emil Petersson wrote: Hi, The docs for ad_gpo_implicit_deny read: "Normally when no applicable GPOs are found the users are allowed access. When this option is set to True users will be allowed access only when explicitly allowed by a GPO rule. Otherwise users will be de

[SSSD-users] Re: AD user is granted access when it should be denied

2019-10-03 Thread Emil Petersson
Hi, The docs for ad_gpo_implicit_deny read: "Normally when no applicable GPOs are found the users are allowed access. When this option is set to True users will be allowed access only when explicitly allowed by a GPO rule. Otherwise users will be denied access. This can be used to harden secu

[SSSD-users] Re: AD user is granted access when it should be denied

2019-09-11 Thread Michal Židek
On 9/11/19 10:56 AM, Emil Petersson wrote: Even when I reconfigure AD to make sure there are no applicable GPOs found, I'm still granted access with my unprivileged user. [ad_gpo_access_check] (0x0400): RESULTANT POLICY: [ad_gpo_access_check] (0x0400): gpo_map_type: Remote Interactive [ad_gpo_a

[SSSD-users] Re: AD user is granted access when it should be denied

2019-09-11 Thread Emil Petersson
Even when I reconfigure AD to make sure there are no applicable GPOs found, I'm still granted access with my unprivileged user. [ad_gpo_access_check] (0x0400): RESULTANT POLICY: [ad_gpo_access_check] (0x0400): gpo_map_type: Remote Interactive [ad_gpo_access_check] (0x0400): allowed_size = 0 [ad_g