
Sophos UTM doesn't support Microsoft's A-G-DL-P concept in AD authentication

Hi,

As you know (I hope so), Microsoft has recommended the AGDLP principle for implementing access control rights since 1993.

https://en.wikipedia.org/wiki/AGDLP
We are just in the process of tidying up our Active Directory structure and going strictly by AGDLP. But yesterday I had to learn the hard way that this doesn't work with Sophos.


Example:

Create a group "UTM-WebAccess-Full" and add the group "IT-Administrators" to it. Nobody inside the "IT-Administrators" group will have access to the WebAdmin. You have to add every single user to the "UTM-WebAccess-Full" group to get this to work.


In a nutshell: Sophos UTM basically doesn't support nested groups in AD authentication.


This goes against the AGDLP principle that Microsoft has recommended for ages. I am really shocked that Sophos doesn't support this.

As we are not a Sophos Partner, could one of you please file this as a bug report with Sophos?


Thanks in advance,

Dino
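The difference the post describes is between direct and nested (transitive) group membership. The following is an added example, not code from the original post or from Sophos: it builds a small constructed, in-memory directory that mirrors the post's layout ("IT-Administrators" nested inside "UTM-WebAccess-Full"), resolves the group both ways, and shows the two LDAP filters a client would send for each behaviour. The user accounts, the "Helpdesk" group, the DN suffixes and the helper names are assumptions made up for the illustration; the group names come from the post. The matching-rule-in-chain OID 1.2.840.113556.1.4.1941 is a real Active Directory feature that makes the domain controller walk nested membership server-side.

```python
"""Direct vs. nested (transitive) AD group membership.

Added example, not code from the original post or from Sophos. The
directory below is constructed in memory; the user names, the
"Helpdesk" group and the DN suffix are made up for the illustration.
"""
from __future__ import annotations

# Constructed directory: group DN -> list of member DNs (users or groups).
# In a real AD this is the multi-valued `member` attribute of each group.
DIRECTORY: dict[str, list[str]] = {
    "CN=UTM-WebAccess-Full,OU=Groups,DC=example,DC=local": [
        "CN=IT-Administrators,OU=Groups,DC=example,DC=local",  # nested group
        "CN=carol,OU=Users,DC=example,DC=local",               # directly added user
    ],
    "CN=IT-Administrators,OU=Groups,DC=example,DC=local": [
        "CN=alice,OU=Users,DC=example,DC=local",
        "CN=bob,OU=Users,DC=example,DC=local",
        "CN=Helpdesk,OU=Groups,DC=example,DC=local",
    ],
    "CN=Helpdesk,OU=Groups,DC=example,DC=local": [
        "CN=dave,OU=Users,DC=example,DC=local",
        # A group cycle, which AD permits; the resolver must not loop on it.
        "CN=IT-Administrators,OU=Groups,DC=example,DC=local",
    ],
}


def is_group(dn: str) -> bool:
    """Constructed helper: a DN is a group if it has a member list."""
    return dn in DIRECTORY


def direct_members(group_dn: str) -> set[str]:
    """Users a product sees when it only checks direct membership.

    These are the user DNs listed directly in the group, i.e. the users
    whose own `memberOf` attribute contains the group. Members that are
    themselves groups are ignored, which is the behaviour the post hits.
    """
    return {m for m in DIRECTORY.get(group_dn, []) if not is_group(m)}


def effective_members(group_dn: str) -> set[str]:
    """Users a product sees when it flattens nesting (AGDLP-aware).

    Depth-first walk over member groups; `seen` makes it cycle-safe.
    """
    users: set[str] = set()
    seen: set[str] = set()
    stack = [group_dn]
    while stack:
        group = stack.pop()
        if group in seen:
            continue
        seen.add(group)
        for member in DIRECTORY.get(group, []):
            if is_group(member):
                stack.append(member)
            else:
                users.add(member)
    return users


def ldap_filter(group_dn: str, nested: bool) -> str:
    """LDAP filter a client would send to find the same users.

    Plain `memberOf=` matches direct membership only. The matching-rule
    OID 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) tells AD to
    resolve the nesting on the server, so nested users match as well.
    """
    attr = "memberOf:1.2.840.113556.1.4.1941:" if nested else "memberOf"
    return f"(&(objectClass=user)({attr}={group_dn}))"


if __name__ == "__main__":
    utm = "CN=UTM-WebAccess-Full,OU=Groups,DC=example,DC=local"
    print("direct only   :", sorted(direct_members(utm)))
    print("nested (AGDLP):", sorted(effective_members(utm)))
    print("direct filter :", ldap_filter(utm, nested=False))
    print("nested filter :", ldap_filter(utm, nested=True))
```

Running it shows the gap from the post: with direct matching only "carol" is in UTM-WebAccess-Full, while the flattened view also yields alice, bob and dave via the nested groups. The `seen` set matters in practice because AD allows group cycles and a naive recursive resolver would never terminate.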



  • No way?!

    Thanks a lot for asking your Sophos Contact, Bob.


    I think it's ridiculous and simply unbelievable that Sophos doesn't support one of the most fundamental and recommended AD principles. :-(

    And I checked your link to the voting: it's from 2013. Do you really think someone at Sophos gives a f... cares?


    I think we have to reconsider our AD design, again :-(


    cu,
    Dino