Jump to content

Add AD Security Group with Access Denied


Kurt De Jaeger
 Share

Recommended Posts

Hello,

 

We want to connect PWS with AD and use AD Security Groups with already all our 200 persons in it.

We've already created dedicated AD groups and want to start putting our existing department groups in it.  Like this, we use the existing once and don't have to do double work again to put everyone in those pws ad security groups.  But we also want to create an AD security group and put members in it who doesn't have to have access to pws but still can work in our domain.

 

You can import ad groups and set to View - Modify or Administrator ... but how to set to a group NOT to have access to pws?

 

Cheers

K

Link to comment
Share on other sites

Hi Kurt,

 

Unfortunately the purpose of our security Groups are to automatically users into the system for the purpose of logging into the system, and applying permissions throughout the software.

 

What you could possibly do is disable their accounts once they have been imported into Passwordstate, as this would free up licenses?  Would this help at all?

 

To help me understand a bit more about what you are asking for, can I ask why you would put users in a security group who you do not want to give access to Passwordstate?  Are you hoping to use them in a Password Record or something like that, so you can automatically reset their password?  Maybe you could use the API to script adding these users into password records if this is what you are hoping to achieve?

 

Regards,

Support.

Link to comment
Share on other sites

Hello,

 

So ... Hope I can explain.

 

We want to do the user management in AD and not in PWS (PasswordState)

I know in PWS you can select 1 individual user (or more) and disable them so they can't access PWS anymore.

But we want to use AD and put members in AD SecurityGroups.  We thought of import an AD group with NoAccess or AccessDenied permissions.  So I though on setting the permissions of that AD group in PWS to No Access, but still import them in PWS.

Every engineer is in a security group in AD already and we don't want to redo everything in PWS.

 

We have trainees that need access to our network, but not in PWS.

 

So if that trainee is also in the group PWS_NOACCESS then he can do his job without accessing PWS.

 

Hope this makes sense and you understand what I'm trying to achieve.

 

The management can be done in AD this way.

 

Cheers

Kurt

 

Link to comment
Share on other sites

Hi Kurt,

 

Sorry, but your only option here is to use different Security Groups - any security groups you've added into Passwordstate, then members of this security group would have access to Passwordstate, and any Password Lists you've applied permissions to.

 

So only import Security Groups for users who you wish to have access to Passwordstate.

Regards

Click Studios

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...