This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How is Active Directory authentication working regarding logon restrictions?

Hello all,

I'm currently trying to set some settings in our Active Directory regarding logon restrictions.

In AD I can set deny for: local logon, rds logon, service logon, batch job logon, access from network.

What kind of mechanism (should be one of the above mentioned) is the UTM using to authenticate a user to our Active Directory?
Which one do I need to allow?

Regards
UTMaddict

This thread was automatically locked due to age.

Top Replies

UTMaddict over 2 years ago in reply to BAlfson +1

Sure it does. If I enable the deny GPO "Deny access to this computer from the network" the user can't connect via SSL VPN. I figured out that if I deny logon via local logon, rds logon, service logon…

0 UTMaddict over 2 years ago

It is network
Cancel
Vote Up 0 Vote Down

Cancel
0 Amodin over 2 years ago in reply to UTMaddict

Thanks for that engaging insight into your working knowledge of Active Directory.

OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
(Former Sophos UTM Veteran, Former XG Rookie)
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 2 years ago

Hallo,

I don't believe that logon restrictions affect how UTM authenticates users against AD.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 UTMaddict over 2 years ago in reply to BAlfson

Sure it does. If I enable the deny GPO "Deny access to this computer from the network" the user can't connect via SSL VPN.

I figured out that if I deny logon via local logon, rds logon, service logon, batch job logon the user can connect.

And if I deny access via network it CANNOT connect.
Cancel
Vote Up +1 Vote Down

Cancel