E. Winston <craddle2grave <at> hotmail.com> writes:
> I am running cygwin 2.2.1(0.289/5/3) and OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015 on a domain
> joined Windows 2012 R2 server. I am not using /etc/passwd or /etc/group and I would prefer not to use these
> files as I anticipate a large number of accounts needing to be configured. As part of our group policy, NT
> AUTHORITY\Authenticated Users and NT AUTHORITY\Interactive are both part of the local Users group. The
> group policy also places NT AUTHORITY\Authenticated Users into "Log on Locally" security
> policy. My primary purpose is to use this as an SFTP server. I have been able to deny SSH logins and limit
> access to on SFTP.

Why can't you just override the group policy and forbid local logins (except for another AD group that you explicitly allow)?

Regards,
Achim.