如何使许可再次申请在Windows AD登录的用户没有使他重新登录 [英] How to make permission re-apply for a logged-in user in Windows AD without making him log in again
问题描述
我远程从G组中删除用户U 但我必须注销并登录的用户U,以确保为G组的权限并没有任何更多适用于用户U。
I am remotely removing a user U from a Group G. But I have to log off and log on the user U to ensure that permissions for Group G do not apply any more to User U.
这是在Windows 2008服务器上。
This is on a Windows 2008 server.
有没有办法迫使整个演习计算权限在用户登录(当用户登录在其中完成)的?
Is there a way to force the entire exercise of calculating permissions (which is done when a user logs in) while the user is logged in?
在此先感谢。
推荐答案
可以清除的Kerberos TGT(和你的服务票据)使用类似净化klist的。我不知道叫以编程方式做什么的API。
You can purge the Kerberos TGT (and all your service tickets) using something like klist purge. I don't know what APIs to call to do this programmatically.
这只会刷新令牌组(和权利),当您访问远程资源,虽然。
This will just refresh the groups (and rights) in your token when you access remote resources, though.
这篇关于如何使许可再次申请在Windows AD登录的用户没有使他重新登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!