This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Restrict active directory logins

From: Achim Gratz <Stromeko at NexGo dot DE>
To: cygwin at cygwin dot com
Date: Tue, 1 Sep 2015 07:13:02 +0000 (UTC)
Subject: Re: Restrict active directory logins
Authentication-results: sourceware.org; auth=none
References: <BAY177-W41E7CF6FFF336C3E845A8EE36A0 at phx dot gbl>

E. Winston <craddle2grave <at> hotmail.com> writes:
> I am running cygwinÂ2.2.1(0.289/5/3) andÂOpenSSH_7.1p1, OpenSSL 1.0.2d 9
Jul 2015Âon a domain
> joined Windows 2012 R2 server. I am not using /etc/passwd or /etc/group
and I would prefer not to use theses
> files as I anticipate a large number of accounts needing to be configured.
As part of our group policy, NT
> AUTHORITY\Authenticated Users and NT AUTHORITY\Interactive are both part
of the local Users group. The
> group policy also places ÂNT AUTHORITY\Authenticated UsersÂinto "Log on
Locally" Âsecurity
> policy.ÂMy primary purpose is to use this as an SFTP server. I have been
able to deny SSH logins and limit
> access to on SFTP.Â

Why can't you just override the group policy and forbid local logins (except
for another AD group that you explicitly allow)?


Regards,
Achim.

References:
- Restrict active directory logins
  - From: E. Winston

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]