Group Policy enables you to change the values of the following User Rights Assignments settings in the Windows Security Policy:
"Access this computer from the network", "Deny access to this computer from the network", "Allow Log on Locally" and "Deny Log on Locally".
Note: The Allow and Deny logons local or remote settings are the only native Windows group policy settings that Quest Authentication Services Group Policy applies and QAS enforces on the client. All other native Windows policy settings are applied by Windows to the server which then enforces the policy on itself.
Access control is always performed by checking local files unless application of Windows access control policy on Unix hosts is explicitly enabled. To enable application of Windows access control policies, add the option ApplyWindowsHostAccess = true under the [policy] section of the /etc/opt/quest/vgp/vgp.conf file. Alternatively, you can centrally manage this option through the Quest Authentication Services Group Policy configuration policy. When using the "Windows Host Access" method of access control, local file-based access control is ignored. This means explicitly listing a user in the /etc/opt//quest/vas/users.allow or /etc/opt/quest/vas/users.deny file has no effect.