Hi,
As you know (I hope so), Microsoft has recommended the AGDLP principle for implementing access control rights since 1993.
https://en.wikipedia.org/wiki/AGDLP
We are just in the process of tidying up our Active Directory structure and going strict after AGDLP. But yesterday I had to learn the hard way that this doesn't work with Sophos.
Example:
Create a group "UTM-WebAccess-Full" and add the group "IT-Administrators" to it. Everyone inside the "IT-Administrators" group won't have access to the WebAdmin. You have to add every single user to the "UTM-WebAccess-Full" group to get this to work.
In a nutshell: Sophos UTM basically doesn't support nested groups in AD-Authentication.
This is against the AGDLP principle that Microsoft has recommended for ages. I am really shocked that Sophos doesn't support this.
As we are not a Sophos Partner, can one of you please file this as a bug report to Sophos?
Thanks in advance,
Dino
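
The difference between a direct and a nested (transitive) group membership check, as an added example that is not part of the original post and is not Sophos code. The group names come from the post; the DNs, the user names and the deliberate circular nesting are constructed, and the filter builder uses Active Directory's `LDAP_MATCHING_RULE_IN_CHAIN` OID (1.2.840.113556.1.4.1941).

```python
# Constructed sample directory: group DN -> direct members (users or groups).
# Group names come from the post; DNs and user names are made up.
BASE = "OU=Groups,DC=example,DC=test"
UTM = f"CN=UTM-WebAccess-Full,{BASE}"
ADMINS = f"CN=IT-Administrators,{BASE}"
ALICE = "CN=alice,OU=Users,DC=example,DC=test"
BOB = "CN=bob,OU=Users,DC=example,DC=test"

DIRECTORY = {
    UTM: {ADMINS, BOB},    # AGDLP: role group nested in the permission group
    ADMINS: {ALICE, UTM},  # deliberate circular nesting to show loop handling
}

def is_direct_member(user_dn, group_dn, directory=DIRECTORY):
    """Flat check: only looks at the group's own member list."""
    return user_dn in directory.get(group_dn, set())

def is_transitive_member(user_dn, group_dn, directory=DIRECTORY):
    """Walks nested groups; the visited set stops circular nesting."""
    seen, stack = set(), [group_dn]
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        members = directory.get(current, set())
        if user_dn in members:
            return True
        # Only members that are themselves groups are expanded further.
        stack.extend(m for m in members if m in directory)
    return False

def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside an LDAP filter."""
    return "".join(
        f"\\{ord(ch):02x}" if ch in "\\*()\0" else ch for ch in value
    )

def in_chain_filter(group_dn):
    """AD search filter matching users who are nested members of group_dn."""
    return f"(memberOf:1.2.840.113556.1.4.1941:={escape_filter_value(group_dn)})"

if __name__ == "__main__":
    for user in (ALICE, BOB):
        print(user, is_direct_member(user, UTM), is_transitive_member(user, UTM))
    print(in_chain_filter(UTM))
```
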