I am trying to setup compound permissions on a windows 2012R2 file server so that I can restrict access from only certain windows 10 machines.
I have turned on "KDC Support for Claims compound authentications and kerberos armoring" on the server and Kerberos client support for claims, compound authentication and kerberos armoring in a GPO.
I try and map the file share using the name of the server rather than a ip address but it gives me an access is denied. Turning off the compound permission (That does the device group access) works correctly so I know the permissions are set right
I can test the effective access and it appears correctly but when trying from a windows 10 1803 domain joined machine that is in the group of machines that I set to allow access from I get permission denied.
I am testing this in a Azure lab on a fresh 2012R2 DC and a single windows 10 1803 client but with out any luck. What kind of troubleshooting can I do or what logs or audits could I turn on to see what is failing ?
As always thanks for your help