#3161 GPO: Deny and allow rules specified in multiple GPO files can result in parts of the list being lost
Closed: Invalid None Opened 7 years ago by mzidek.

If there were deny and allow rules in several GPO files (for example SeRemoteInteractiveLogonRight), we only work with the rule from the last processed GPO file.

If allow rules are used, it can result in users not being able to login.

If deny rules are used, this can result in users being able to login even if they are not supposed to.


Michal, let me know if you need help to brainstorm how to merge GPO data in the best way.

This ticket is not valid. What I though is a bug was expected behaviour.

resolution: => invalid
status: new => closed

Metadata Update from @mzidek:
- Issue set to the milestone: NEEDS_TRIAGE

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4194

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata