Skip to main content

Updating computer's AD Security Group membership without rebooting

I found the following to be very useful -

From the elevated command prompt execute “klist –li 0x3e7” to view the logon session of the computer account. To purge them, simply execute “klist –li 0x3e7 purge”.

A typical use case might involve targeting GPOs based on computer's group membership. When you add computer to the group in order to test the application of policies you can reboot it or, alternatively, run the above mentioned to clear logon sessions, then do “gpupdate /force” and check.

In a spirit of giving credit where credit is due, I found a few references to this, but the one I learned it from was http://setspn.blogspot.com/2010/10/updating-servers-security-group.html

Comments

  1. CE A good blog always comes-up with new and exciting information and while reading I have feel that this blog is really have all those quality that qualify a blog to be a one.

    ReplyDelete
  2. Browse the list of coating agent in food additives online With so many books and articles coming up to give gateway to make-money-online field and confusing reader even more on the actual way of earning money,

    ReplyDelete
  3. CBD Isolate Wholesale Your amazing insightful information entails much to me and especially to my peers. Thanks a ton; from all of us.

    ReplyDelete
  4. dog leash Superbly written article, if only all bloggers offered the same content as you, the internet would be a far better place..

    ReplyDelete

Post a Comment

Popular posts from this blog

Mail-enabled security groups in Office 365

Another update (11/19/2013):  further evolution of Office 365 services makes creation of distribution and security groups even easier, plus there's now an option of creating a dynamic distribution group (click here for more information):    Update (08/06/2012): a clear sign of Office 365 evolving along the same lines as other agile cloud services - small incremental features and minor new functionality are being delivered almost continuously and, unlike important major service updates,  without much fanfare. For example, there's no need to resort to using PowerShell to setup mail-enabled security groups anymore, it can now be done at creation using management portal:       Those managing Office 365 ( O365 ) tenant via the Microsoft Online Services Portal  ( MOS Portal ) interface would notice that there are two distinct group entities: Security Groups: can be created via MOS Portal (main portal page>Management>Security Groups) and used for assigning

Drumbeat - Sales and Technical Resources for Office 365

​ Drumbeat - provides information as well as technical and sales resources for Office 365. From partnering with Microsoft, to building up your sales and technical readiness, to adopting proven methodologies for successful deployment - you will find lots of good information and many helpful links there. Here's a quick sample of topics covered: The Customer Decision Framework is Microsoft's selling methodology designed to help partners sell Office 365 to their customers. Office 365 FastTrack is Microsoft's new, 3-step pilot and deployment methodology designed so customers experience service value early in the sales cycle with a smooth path to advance from a pilot to deployment.

UAG 2010, SP4

Unified Access Gateway (UAG) 2010 Service Pack 4 (SP4) has been out for a while. Another much anticipated update which brings support for  Windows 8.1, IE11, etc. Download the Service Pack  here Review release notes  here Read through the installation instructions here After performing the upgrade test UAG functionality from the client side, on a number of occasions the following error has been reported - "Forbidden Directory, Listing Denied Error code 403.14". If you find yourself among the unlucky few, read through the following post ; which applies, even though it references a different update. Here are the steps outlined in the post with a minor modification (steps 7-8): Open Forefront UAG management on the UAG server Open/Explore the Trunks under the HTTP and/or HTTPS connections Right click each Trunk and select Disable Save and Activate the UAG configuration Right Click the trunks again and select enable Save and Activate the Configuration again Open the