0

I am trying to setup NTFS Compound Permissions to limit access from certian devices using Kerberos Armoring. As far as I can tell it should be very easy you just set 2 GPO settings. One for the server and then one for the client. Once that is turned on it should then be possible to set a permission on a NTFS file share to set a device permission to only allow access from certain machines. You still have touse group permissions but you can now lock it down to only allow access from certain machines as well.

I have tried setting the 2 GPO settings both for the client and server but on trying to map a network share it always fails with permission denied.

Has any one had any luck with Kerberos Armoring ?

I have tried the following guide Config compound NTFS permissions

But each time I try and connect to the share I get accessed denied.

JamesT
  • 1
  • Have you looked at the Effective Permissions for the user in question? – joeqwerty Jan 21 '19 at 17:09
  • Yes I have checked that and confirmed that it works both with out the advance rule enabled and then enabled and made sure to select the security group the machine was and it shows that it has the correct permission. – JamesT Jan 21 '19 at 17:58

1 Answers1

0

I am late to help you, but the answer is:

Computer Configuration > Policies > Administrative Templates > System > Kerberos > Support compound authentication

Craig Holton
  • 1