-
제목
How to setup access control -
설명
How to setup access control -
해결 방안
Access control is simply defined as what users can log into what system. There are many ways this can be achieved. If no access policy is in place then all Unix enabled users will be able to login to the client. Below are three ways to setup access control that are also demoed in the video below :
Configuring Native Active Directory Group policy Rules (see video at 1:55 time for demo)
1 - In the /etc/opt/quest/vgp/vgp.conf set apply windows Host access to true either manually or through a group policy as in the video.
2 - Open up Microsoft Group policy Manager
3 - Navigate to Windows Settings | Security Settings | Local Policies | User Rights Assignment | Allow log on locally and add in the group or user.
4 - Do some commands to check the policy and test login for both users allowed and denied.
Configuring VGP access control group policy rules (see video at 6:23 time for demo)
1 - Open up Microsoft Group policy Manager
2 - Expand Computer configuration | Policies | Unix Settings | Quest Authentication Services | Access Control
3- Double click users.allow and click group
4 - Do some commands to check the policy and test login for both users allowed and denied.
Configuring file based access control - setup access control manually per machine (see video at 10:35 time for demo)
1 - Create the users.allow file in /etc/opt/quest/vas directory2 - Enter in the user's UserPrincipalName or the group name with domain for example IDM/VideoAC3 - Test login for both users allowed access and some denied