Token expires after how long?

I hate that it becomes so ridiculously hard to find simple information like this.  Does anyone know how long a token lasts in a win 2000 Active Directory domain?  I'm restricting hours for users but they have learned that if they lock their systems and not log off, they can stay on way beyond the restricted times.

I'm trying to find out if I can adjust the time a token lasts if possible.  Does anyone know how long they last by default??

Thanks in advance!
LVL 1
zenportafinoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

slangtechCommented:
Hi zenportafino. Here is a link or two which may solve your issues, they include the forced log off policy inclusion fix (regardless of station lock) and shows how to set it up. Just assuming that you never saw this on M$, you probably already have. :)

http://support.microsoft.com/default.aspx?scid=kb;en-us;318714

Also see this link:
http://support.microsoft.com/kb/288180/EN-US/

Slangtech
0
slangtechCommented:
Oh, as a side note you must have the latest service pack installed, the repair is included.
slangtech
0
slangtechCommented:
Further to the prior links, here is another which directs the actual schema setup for user policies inside Active Directory, you'll need to grab some popcorn for this one :)

http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/bpguide/part1/adsecp1.mspx#EDAA

Slangtech
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

slangtechCommented:
Also see this link, it is directly related to the sID token and offeres explanation of how to manipulate them according to user policy.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/access_tokens.asp

I hope these help

Slangtech
0
slangtechCommented:
Oh, and one final thing, the access token 'default' is what you set the user/group policy to be, as the access token is built from the policy tree for that particular user/group: ie: if you set user group officeclerks for 24 hour 9-5 access in the group policy then that is the default access for any user in that group.

have fun!
Slangtech
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
wjc7662Commented:
The default settings are in group policy under Kerberos settings under Computer configuration -->  Windows Settings -->  Security Settings  -->  Account Policies  --> kerberos Policy.  You can adjust your kerberos ticket settings there to specify logon time
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.