• Status: Solved

Token expires after how long?

I hate that it becomes so ridiculously hard to find simple information like this. Does anyone know how long a token lasts in a Windows 2000 Active Directory domain? I'm restricting hours for users, but they have learned that if they lock their systems and do not log off, they can stay on way beyond the restricted times.

I'm trying to find out if I can adjust the time a token lasts, if possible. Does anyone know how long they last by default?

Thanks in advance!
zenportafino

slangtech Commented:
Hi zenportafino. Here is a link or two which may solve your issues; they include the forced log off policy inclusion fix (regardless of station lock) and show how to set it up. Just assuming that you never saw this on M$, you probably already have. :)

http://support.microsoft.com/default.aspx?scid=kb;en-us;318714

Also see this link:
http://support.microsoft.com/kb/288180/EN-US/

Slangtech
 
slangtech Commented:
Oh, as a side note, you must have the latest service pack installed; the repair is included.
slangtech
 
slangtech Commented:
Further to the prior links, here is another which directs the actual schema setup for user policies inside Active Directory. You'll need to grab some popcorn for this one :)

http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/bpguide/part1/adsecp1.mspx#EDAA

Slangtech
 
slangtech Commented:
Also see this link; it is directly related to the sID token and offers an explanation of how to manipulate them according to user policy.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/access_tokens.asp

I hope these help

Slangtech
 
slangtech Commented:
Oh, and one final thing: the access token 'default' is what you set the user/group policy to be, as the access token is built from the policy tree for that particular user/group. I.e., if you set user group officeclerks for 24 hour 9-5 access in the group policy, then that is the default access for any user in that group.

Have fun!
Slangtech
 
wjc7662 Commented:
The default settings are in Group Policy under Kerberos settings, under Computer Configuration --> Windows Settings --> Security Settings --> Account Policies --> Kerberos Policy. You can adjust your Kerberos ticket settings there to specify logon time.
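
The forced-logoff setting and the Kerberos Policy values mentioned in the answers above can be read from a security template exported with `secedit /export /cfg`. This is an added example, not part of the original thread; the sample template is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the format written by `secedit /export /cfg policy.inf`.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
ForceLogoffWhenHourExpire = 0
[Kerberos Policy]
MaxTicketAge = 10
MaxRenewAge = 7
MaxServiceAge = 600
MaxClockSkew = 5
TicketValidateClient = 1
"""

def parse_inf(text):
    """Parse a security template into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):    # skip blanks and comments
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def logon_hours_report(text):
    """Summarise the settings that decide how logon hours are enforced."""
    inf = parse_inf(text)
    krb = inf.get("Kerberos Policy")            # absent if no Kerberos policy was exported
    report = {
        "force_logoff": inf.get("System Access", {}).get("ForceLogoffWhenHourExpire") == "1",
        "kerberos_policy_present": krb is not None,
    }
    if krb is not None:
        num = lambda key: int(krb[key]) if key in krb else None
        report.update(
            enforce_logon_restrictions=krb.get("TicketValidateClient") == "1",
            user_ticket_hours=num("MaxTicketAge"),        # unit: hours
            service_ticket_minutes=num("MaxServiceAge"),  # unit: minutes
            renewal_days=num("MaxRenewAge"),              # unit: days
        )
    return report

if __name__ == "__main__":
    for name, value in logon_hours_report(SAMPLE_INF).items():
        print(f"{name}: {value}")
```

A real export is usually UTF-16 encoded, so read it with `open(path, encoding="utf-16")` before passing the text to `logon_hours_report`.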