Hi Sumit
I don't think so for us. We only access via SSH logins; the only desktop is an RDP
session where GPOs are available via usual means.
However I will check out the stuff you pointed me at, thanks.
--
Phil J Fisher
-----Original Message-----
From: Sumit Bose <sbose(a)redhat.com>
Sent: 28 June 2022 06:46
To: End-user discussions about the System Security Services Daemon
<sssd-users(a)lists.fedorahosted.org>
Subject: [SSSD-users] Re: SSSD-users: querying GPO list
Am Thu, Jun 23, 2022 at 04:49:34PM +0200 schrieb Alexey Tikhonov:
On Thu, Jun 23, 2022 at 3:19 PM Fisher, Philip
<phil.fisher(a)dxc.com> wrote:
> Hello SSSD people
>
> Is there a way to run (on RHEL 8 specifically) a command or query
> information so that a logged in (authorised) user can see the GPOs that are
> active for the session? I have tried Mr. Goggle without success.
>
I don't think there is a suitable command that SSSD provides.
Maybe Samba suit does? I don't know.
Hi,
yes, currently SSSD does not provide such a tool. And currently SSSD
might not even read the GPOs you are looking for because SSSD currently
only read GPOs for its own usage for access control.
You have asked for 'a logged in (authorised) user can see the GPOs that
are active for the session' which sounds like you are looking for
desktop policies. For this SSSD supports fleet commander, see e.g.
https://clicktime.symantec.com/37NKJytp7XW8GAuZfmfFcNk6xn?u=https%3A%2F%2....
bye,
Sumit
SSSD caches downloaded GPOs in `/var/lib/sss/gpo_cache/`, but those aren't
intended for general human consumption.
>
> This information I realise may be obtained from the actual AD server but
> in general this access is not available hence this query.
>
> Thanks.
>
> --
> Phil J Fisher
>
>
> DXC Technology Company -- This message is transmitted to you by or on
> behalf of DXC Technology Company or one of its affiliates. It is intended
> exclusively for the addressee. The substance of this message, along with
> any attachments, may contain proprietary, confidential or privileged
> information or information that is otherwise legally exempt from
> disclosure. Any unauthorized review, use, disclosure or distribution is
> prohibited. If you are not the intended recipient of this message, you are
> not authorized to read, print, retain, copy or disseminate any part of this
> message. If you have received this message in error, please destroy and
> delete all copies and notify the sender by return e-mail. Regardless of
> content, this e-mail shall not operate to bind DXC Technology Company or
> any of its affiliates to any order or other contract unless pursuant to
> explicit written agreement or government initiative expressly permitting
> the use of e-mail for such purpose.
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
>
https://clicktime.symantec.com/38RbscFqCaTJcJ9dbqFpiCV6xn?u=https%3A%2F%2...
> List Guidelines:
https://clicktime.symantec.com/3McR6vAcvFWdbFLqf5ZcmZv6xn?u=https%3A%2F%2...
> List Archives:
>
https://clicktime.symantec.com/3JrXyNyrghDvZK5m9PZBjds6xn?u=https%3A%2F%2...
> Do not reply to spam on the list, report it:
>
https://clicktime.symantec.com/3KYZEhHULGhp6JLhs9sxC9K6xn?u=https%3A%2F%2...
>
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://clicktime.symantec.com/38RbscFqCaTJcJ9dbqFpiCV6xn?u=https%3A%2F%2...
List Guidelines:
https://clicktime.symantec.com/3McR6vAcvFWdbFLqf5ZcmZv6xn?u=https%3A%2F%2...
List Archives:
https://clicktime.symantec.com/3JrXyNyrghDvZK5m9PZBjds6xn?u=https%3A%2F%2...
Do not reply to spam on the list, report it:
https://clicktime.symantec.com/3KYZEhHULGhp6JLhs9sxC9K6xn?u=https%3A%2F%2...
DXC Technology Company -- This message is transmitted to you by or on behalf of DXC
Technology Company or one of its affiliates. It is intended exclusively for the
addressee. The substance of this message, along with any attachments, may contain
proprietary, confidential or privileged information or information that is otherwise
legally exempt from disclosure. Any unauthorized review, use, disclosure or distribution
is prohibited. If you are not the intended recipient of this message, you are not
authorized to read, print, retain, copy or disseminate any part of this message. If you
have received this message in error, please destroy and delete all copies and notify the
sender by return e-mail. Regardless of content, this e-mail shall not operate to bind DXC
Technology Company or any of its affiliates to any order or other contract unless pursuant
to explicit written agreement or government initiative expressly permitting the use of
e-mail for such purpose.