Access Control - groups within groups
-
I'm trying to set up access control.
I have a Staff user - TomBaker
He is a Maths teacher in SchoolA.
His AD account membership looks like:
SchoolA_Teachers_Maths
SchoolA_Teachers_Maths is a member of a group SchoolA_Teachers
SchoolA_Teachers is a member of AllSchools_Teachers
I check the box "Enable usage of Domain groups".
I add SchoolA_Teachers and/or AllSchools_Teachers to the "Restrict access to members of specific user groups" section.
I click Apply
When I run the "test", and put in TomBaker, the account shows it does not have access.
If I add SchoolA_Teachers_Maths, then it passes.
So Veyon doesn't appear to understand nested groups.
I also tried creating a local group on the PC called VeyonUsers, and adding SchoolA_Teachers to that.
Still didn't pass.
I thought I could tackle it with "deny" instead, but the pupil accounts are the same nested approach.
PupilAccount1 - member of SchoolA2020, which is a member of SchoolAPupils
Is there a way around this?
If it helps, any..
Our AD structure is:
User Accounts
SchoolA\Staff
SchoolB\Pupils
SchoolB\Staff
SchoolB\Staff
There will be cases where staff from SchoolA are using PCs in SchoolB.
So I can't just use a config where SchoolA PCs look at SchoolA\Staff -
Hi..
I think I'll get round it by using a script to modify the permissions on the Private keyfile on PCs with Master installed.
In my testing, I've put a PupilAccounts = "Deny read".
This lets me run the Master as a Teacher, but not as a pupil - which is what I need.
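
A sketch of the kind of script the reply above describes, as an added example that is not from the thread or from the Veyon project: it puts an explicit "Deny read" entry for the pupil group on the private key file of a PC with Master installed. The parameter names `$KeyFile` and `$DenyGroup` are hypothetical, and the key file path is a placeholder you must supply, since the thread does not give it.

```powershell
param(
    # Placeholder: full path to the private key file on this Master PC
    # (the thread does not state it, so it must be passed in).
    [Parameter(Mandatory)] [string] $KeyFile,
    # Group name taken from the post; qualify it as 'DOMAIN\PupilAccounts' if needed.
    [string] $DenyGroup = 'PupilAccounts'
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $KeyFile -PathType Leaf)) {
    throw "Key file not found: $KeyFile"
}

# Resolve the group to a SID first, so a mistyped group name fails here
# instead of leaving the file without the intended deny entry.
$sid = ([System.Security.Principal.NTAccount]$DenyGroup).Translate(
    [System.Security.Principal.SecurityIdentifier])

$acl  = Get-Acl -LiteralPath $KeyFile
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $sid,
    [System.Security.AccessControl.FileSystemRights]::Read,
    [System.Security.AccessControl.AccessControlType]::Deny)

# AddAccessRule merges with an existing matching entry, so re-running is harmless.
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $KeyFile -AclObject $acl

# Show the deny entries now on the file so the result can be reviewed.
(Get-Acl -LiteralPath $KeyFile).Access |
    Where-Object { $_.AccessControlType -eq 'Deny' } |
    Format-Table IdentityReference, FileSystemRights, IsInherited
```

Run it from an elevated session, and repeat the Master test as both a teacher and a pupil account afterwards to confirm the behaviour described in the reply.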