Open PeterRoots opened 2 years ago
Does it work if you enclose the group in quotes?
Hard to say, as it is no longer possible to add AD groups of any kind.
https://github.com/MicrosoftDocs/Windows-Admin-Center-Ideas-and-Feedback/issues/70 and https://github.com/MicrosoftDocs/Windows-Admin-Center-Ideas-and-Feedback/issues/69
Well, an update has given us back the ability to control access with domain groups but has not fixed the issue of domain groups with spaces in the name. Quoting them does not work (single or double quotes). Considering many of the Windows built-in groups have spaces and Domain Admins is a pretty widely used group, this is a fairly significant issue.
I tested this all weekend. I found that the first time I created a group called wacgatewayadmin, it showed as a WAC gateway administrator for some time and then reverted to a user group!
I verified in the HAR file: the group said gateway administrator but was not functioning as a gateway administrator! It was showing under users!
I finally did get a second group to also be a gateway administrator, and the HAR looks encouraging, but the other group had to match the built-in group in every way!
Steps
Create a new AD group based off the builtin administrators (copy)
Add the same membership to that group
Add wacgatewayadmin to the WAC credssp admin group
Add wacgatewayadmin to the local Administrators group.
I get the following in the HAR browser logs:
[{"name":"BUILTIN\Administrators","type":"SecurityGroup"},{"name":"rreerc\wacgatewayadmin","type":"SecurityGroup"}]
I removed myself from the entire administrator group membership, at least locally.
It does seem to be working, but I am concerned it is going to revert the whole group again. FYI, it seems you can make another built-in group the gateway administrator, but no spaces in that group, and it has to be in the Builtin OU of AD.
And you see now I show two gateway administrators, and it seems to hold.
Good Luck
PS: I did check the event log, and the only reason this is working is because the group is in the builtin group.
That restriction is still there.
I still don't see the issue fixed in the new version. It's hard when you have domain requirements and extension requirements to meet them both seamlessly. The better thing would be to have one login token and allow the extension to just use the Windows token. At least partners like Dell would benefit from making better integrated extensions. 2111.1.5.2402.07001 #iwork4dell
Gateway Version 2103.2
Build number 1.3.2105.24004
To Reproduce
Steps to reproduce the behavior:
Expected behavior
You should be able to enter an AD group with a space in the name; in fact, I have been able to in the past, but I can no longer do this.