Specify NSS group overrides

Specify the group override entries you want to use in place of the entries in the local /etc/group file.

Defining override filters gives you fine-grained control over the groups that can access a local computer. You can also use the override controls to modify the information for specific fields in each group entry on the local computer. For example, you can override the group ID or member list for a specific group on the local computer without modifying the group entry itself.

The syntax for overriding group entries is:

[+,-][group]:name:passwd:gid:members

Groups can be named by UNIX zone name or AD Common Name.

If you don't specify override information for a field, the information from the local /etc/group file is used. You cannot specify override information for the password hash field, however. Any changes to this field in the override file are ignored and do not affect Centrify DirectControl user passwords.

An empty (or non-existent) file is the equivalent of adding one line: +::::. If you check the "Include all other AD groups" box, a +:::: will be appended after the specific entries.

This group policy modifies the nss.group.override setting in the Centrify DirectControl configuration file.

For more information about overriding group entries, see the sample group override file /etc/centrifydc/group.ovr.
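
A small linter for an override file in the syntax above, added here as an example; it is not part of the Centrify documentation or product. It assumes `#` starts a comment line and that trailing fields may be omitted (as in `-ftpusers`); the function names and sample entries are constructed for illustration.

```python
from typing import NamedTuple

class Override(NamedTuple):
    action: str   # '+' or '-'
    group: str    # UNIX zone name or AD Common Name; '' means no specific group
    name: str
    passwd: str   # changes to this field are ignored, per the policy text
    gid: str
    members: str

CATCH_ALL = Override("+", "", "", "", "", "")   # the "+::::" entry

def parse_overrides(text):
    """Return (entries, warnings) for the contents of a group override file."""
    entries, warnings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # assumption: '#' begins a comment
            continue
        if line[0] not in "+-":
            warnings.append(f"line {lineno}: entry must start with '+' or '-'")
            continue
        fields = line[1:].split(":")
        if len(fields) > 5:
            warnings.append(f"line {lineno}: more than five fields")
            continue
        fields += [""] * (5 - len(fields))     # assumption: trailing fields optional
        entry = Override(line[0], *fields)
        if entry.passwd:
            warnings.append(f"line {lineno}: passwd override is ignored")
        if entry.gid and not entry.gid.isdigit():
            warnings.append(f"line {lineno}: gid '{entry.gid}' is not numeric")
        entries.append(entry)
    if not entries:                            # empty file behaves like "+::::"
        entries.append(CATCH_ALL)
    return entries, warnings

def has_catch_all(entries):
    """True when a '+' entry with no group name is present (all other AD groups)."""
    return any(e.action == "+" and not e.group for e in entries)

# Constructed sample input, not taken from the shipped group.ovr
SAMPLE = "# constructed sample\n+admins::x:abc:jane,bob\n-ftpusers\n+::::\n"

if __name__ == "__main__":
    parsed, notes = parse_overrides(SAMPLE)
    print(*parsed, sep="\n")
    print("catch-all present:", has_catch_all(parsed))
    print(*notes, sep="\n")
```

A review of the override file can use `has_catch_all` to confirm whether the list is restricted to the named groups or also admits all other AD groups.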


Supported on:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Centrify\CentrifyDC\Settings\NSSOverrides\Group
Value Name: nss.overrides.enabled
Value Type: REG_DWORD
Enabled Value: 1
Disabled Value: 0

Enable policy:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Centrify\CentrifyDC\Settings\NSSOverrides\Group
Value Name: nss.group.override
Value Type: REG_SZ
Value: file:/etc/centrifydc/group.ovr

--- Sync ---

at login

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Centrify\CentrifyDC\Settings\NSSOverrides\Group
Value Name: nss.group.override
Value Type: REG_SZ
Default Value: 1
True Value: 1
False Value: 0

at logout

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Centrify\CentrifyDC\Settings\NSSOverrides\Group
Value Name: nss.group.override
Value Type: REG_SZ
Default Value: 1
True Value: 1
False Value: 0

in the background

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Centrify\CentrifyDC\Settings\NSSOverrides\Group
Value Name: nss.group.override
Value Type: REG_SZ
Default Value: 1
True Value: 1
False Value: 0

manually

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Centrify\CentrifyDC\Settings\NSSOverrides\Group
Value Name: nss.group.override
Value Type: REG_SZ
Default Value: 1
True Value: 1
False Value: 0

centrifydc_settings.admx
