kuzum
asked on
TOKEN SIZE
Hi All,
I need to know what the size of a user's token size as user is having some authentication issues in IIS ( just one user)
I noticed user is member of large nested groups in AD
What is the best way determining user's token size? can you please provide step by step guide
thanks
I need to know what the size of a user's token size as user is having some authentication issues in IIS ( just one user)
I noticed user is member of large nested groups in AD
What is the best way determining user's token size? can you please provide step by step guide
thanks
ASKER
thanks David
I was hoping some sort of powershell command may be? it is difficult to get those values manually.
I was hoping some sort of powershell command may be? it is difficult to get those values manually.
You could download tokensz from Microsoft which is the tool for discovering maxtokensize:
http://www.microsoft.com/en-us/download/details.aspx?id=1448
http://www.microsoft.com/en-us/download/details.aspx?id=1448
ASKER
issue that user having is that she cannot browser in intranet site where every one else can. she is receiving "web page cannot be found" error. she can partially browse in the directory she wants. ( no additional permissions needed) this is standard intranet page that everyone has access to. My main focus is on her token size as she might be over the defaults?
Any suggestions please
thank you
Any suggestions please
thank you
As a test, add the following on her PC and reboot the PC:
- Go to Registry location System\CCS\Control\Lsa\Ker beros\Para meters (if key is not present then add it)
- Create value name MaxTokenSize with data type of REG_DWORD (if it exists then change value)
- Set value to Decimal 65535
- Go to Registry location System\CCS\Control\Lsa\Ker
- Create value name MaxTokenSize with data type of REG_DWORD (if it exists then change value)
- Set value to Decimal 65535
ASKER
Mohamed,
can you please tell me what values I'm looking to add or change ? I will need the values you mentioned. thanks
can you please tell me what values I'm looking to add or change ? I will need the values you mentioned. thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks mohammed, I will check this.
Is there any other suggestion to find out what token size is for a specific user? I found Microsoft tool to be very complex.
Any other suggestions please?
thanks
Is there any other suggestion to find out what token size is for a specific user? I found Microsoft tool to be very complex.
Any other suggestions please?
thanks
You could validate what the tokensize for the user is and then increase it on the users' computer by 400. To calculate, run the command below:
tokensz /compute_tokensize
Tokensize is calculated as per below:
Tokensize = 1200 + 40d + 8s
d = Sum of universal groups outside of domain, domain local groups and number of groups represented in the SID history
s = Sum of the number of security global groups the user is member of as well as number of universal groups in user's account domain the user is a member of
1200 = Value for ticket overhead
tokensz /compute_tokensize
Tokensize is calculated as per below:
Tokensize = 1200 + 40d + 8s
d = Sum of universal groups outside of domain, domain local groups and number of groups represented in the SID history
s = Sum of the number of security global groups the user is member of as well as number of universal groups in user's account domain the user is a member of
1200 = Value for ticket overhead
http://bit.ly/1MqcJmP