#2661 RFE: Change AD GPO default to enforcing
Closed: Fixed None Opened 5 years ago by jhrozek.

Filing for tracking purposes..this is a change that's important enough to trigger a release note etc..

When a user enrolls a system against Active Directory, the expectation
is that the client will honor the centrally-managed settings. In the
past, we avoided changing the default (and left it in permissive mode,
to warn admins that the security policy wasn't being honored) in order
to avoid breaking existing Active Directory enrollments.

However, sufficient time has likely passed for users to become
accustomed to using GPOs to manage access-control for their systems.

This patch changes the default to enforcing and adds a configure flag
for distributions to use if they wish to provide a different default
value.


Fields changed

owner: somebody => sgallagh
patch: 0 => 1

resolution: => fixed
status: new => closed

Fields changed

rhbz: => todo

Fields changed

rhbz: todo => 0

Metadata Update from @jhrozek:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD 1.13 alpha

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3702

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata