This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Restrict active directory logins
- From: Achim Gratz <Stromeko at NexGo dot DE>
- To: cygwin at cygwin dot com
- Date: Tue, 1 Sep 2015 07:13:02 +0000 (UTC)
- Subject: Re: Restrict active directory logins
- Authentication-results: sourceware.org; auth=none
- References: <BAY177-W41E7CF6FFF336C3E845A8EE36A0 at phx dot gbl>
E. Winston <craddle2grave <at> hotmail.com> writes:
> I am running cygwinÂ2.2.1(0.289/5/3) andÂOpenSSH_7.1p1, OpenSSL 1.0.2d 9
Jul 2015Âon a domain
> joined Windows 2012 R2 server. I am not using /etc/passwd or /etc/group
and I would prefer not to use theses
> files as I anticipate a large number of accounts needing to be configured.
As part of our group policy, NT
> AUTHORITY\Authenticated Users and NT AUTHORITY\Interactive are both part
of the local Users group. The
> group policy also places ÂNT AUTHORITY\Authenticated UsersÂinto "Log on
Locally" Âsecurity
> policy.ÂMy primary purpose is to use this as an SFTP server. I have been
able to deny SSH logins and limit
> access to on SFTP.Â
Why can't you just override the group policy and forbid local logins (except
for another AD group that you explicitly allow)?
Regards,
Achim.