Link to home
Start Free TrialLog in
Avatar of zenportafino
zenportafino

asked on

Token expires after how long?

I hate that it becomes so ridiculously hard to find simple information like this.  Does anyone know how long a token lasts in a win 2000 Active Directory domain?  I'm restricting hours for users but they have learned that if they lock their systems and not log off, they can stay on way beyond the restricted times.

I'm trying to find out if I can adjust the time a token lasts if possible.  Does anyone know how long they last by default??

Thanks in advance!
Avatar of slangtech
slangtech
Hi zenportafino. Here is a link or two which may solve your issues, they include the forced log off policy inclusion fix (regardless of station lock) and shows how to set it up. Just assuming that you never saw this on M$, you probably already have. :)

http://support.microsoft.com/default.aspx?scid=kb;en-us;318714

Also see this link:
http://support.microsoft.com/kb/288180/EN-US/

Slangtech
Avatar of slangtech
slangtech
Oh, as a side note you must have the latest service pack installed, the repair is included.
slangtech
Avatar of slangtech
slangtech
Further to the prior links, here is another which directs the actual schema setup for user policies inside Active Directory, you'll need to grab some popcorn for this one :)

http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/bpguide/part1/adsecp1.mspx#EDAA

Slangtech
Avatar of slangtech
slangtech
Also see this link, it is directly related to the sID token and offeres explanation of how to manipulate them according to user policy.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/access_tokens.asp

I hope these help

Slangtech
ASKER CERTIFIED SOLUTION
Avatar of slangtech
slangtech
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of wjc7662
wjc7662
The default settings are in group policy under Kerberos settings under Computer configuration -->  Windows Settings -->  Security Settings  -->  Account Policies  --> kerberos Policy.  You can adjust your kerberos ticket settings there to specify logon time