Deny groups

This keyword can be followed by a list of group name patterns, separated by spaces.
Login is disallowed for users whose primary group or supplementary group list matches one of the patterns. '*' and '?' can be used as wildcards in the patterns.
Only group names are valid; a numerical group ID is not recognized. By default, login is allowed for all groups.

Supported on:

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\ssh
Value Namessh.denygroups.enabled
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

Specify a list of rescue users (enter the comma-separated user or group names, e.g. user1@domain.com, group1@domain.com, or use * to include all AD users):

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\ssh
Value Namessh.denygroups.enabled
Value TypeREG_DWORD
Default Value

centrify_unix_settings.admx

Administrative Templates (Computers)

Administrative Templates (Users)