#168561 - 2006-09-28 03:22 PM
Force InGroup() kerberos update?
Bjöppe
Fresh Scripter
Registered: 2006-06-22
Posts: 6
Hi again, been a while since my last post!
Using InGroup() works just lovely in our menubuilder script, and kix has lowered the time to build menus at logon a lot since going from vb -> kix, ROCK ON!
However, one problem persists -- Considering we have 1600 clients and a trained support staff, and the old menubuilder-routine could be started "on the fly" and the new ica-icon would appear in the rebuilt menu, forcing people to logoff and logon to get their new programs is getting pretty tiresome -- not least from the vb-fanatics throwing wood on the fire on the issue.
Can someone think of a solution to get a new "kerberos token" to the user in some way, so the new group added to the user on the DCs will get picked up by the client and hence, the kix-script will have access to the file(s) and properly rebuild our menus?
Cheers!
#168562 - 2006-09-28 03:32 PM
Re: Force InGroup() kerberos update?
|
Björn
Korg Regular
   
Registered: 2005-12-07
Posts: 953
Loc: Stockholm, Sweden.
|
That one weird nick based on Björn 
I ponder if a gpupdate would suffice *_* (prolly not)
#168563 - 2006-09-28 03:59 PM
Re: Force InGroup() kerberos update?
|
Howard Bullock
KiX Supporter
   
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
What methodology was used in the vb script to check group membership? How was the user forced to logoff using the vb script? From what you wrote, it appears that the old process required a logoff and logon to work. Is this correct?
Define what happens when you say "run on the fly".
#168565 - 2006-09-29 08:31 AM
Re: Force InGroup() kerberos update?
|
Bjöppe
Fresh Scripter
Registered: 2006-06-22
Posts: 6
|
Quote:
That one weird nick based on Björn 
I ponder if a gpupdate would suffice *_* (prolly not)
Yeah, it's my nickname, given by some damn consultant some 11 years ago, it has stuck.
I'll try that.
Quote:
What methodology was used in the vb script to check group membership? How was the user forced to logoff using the vb script? From what you wrote, it appears that the old process required a logoff and logon to work. Is this correct?
Define what happens when you say "run on the fly".
The vb-script used NTFS-permissions, i.e. tried to "copy" _everything_ to the client. This did not require any logoff for some reason, but the process was really, really slow on remote sites. Hence, they did not need to logon/logoff. The KIX-script was built using InGroup() and a configfile, to just copy the files necessary, however, this is not updated and re-running the script would not gain access to the new icons/files after adding the user to a domaingroup. Hope this clears things up a bit regarding my silly "on-the-fly" wording.
Quote:
to reload the auth stuff, you would need to totally disconnect from the server and reconnect again. if the credentials are part of the logon credentials, there is no way to refresh the rights than via re-logon.
Ok, my guess is that InGroup() is using the kerberos ticket gained at logon, hence I'd guess there's no way to force a re-creation of this in an easy way.
Thanks for the input, guys!
/Weird UNIX-guy trying to do things in the MS-world.
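
Added example, not part of the thread or of KiXtart: a PowerShell check that shows whether the current logon token lags behind the directory, which is the situation described above (a user added to a domain group whose running session does not yet carry that group). The function name `Get-StaleTokenGroups` is hypothetical; the code assumes a domain-joined client, a reachable domain controller, and only compares groups from the user's own domain.

```powershell
# Added example: compare group SIDs held in the current access token with the
# groups the directory reports for the same account right now.
function Get-StaleTokenGroups {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $domainSid = $identity.User.AccountDomainSid
    if (-not $domainSid) { throw 'Current account has no account domain SID.' }
    $prefix = $domainSid.Value + '-'

    # Groups placed in the token when this logon session was created.
    # Note: WindowsIdentity.Groups omits deny-only groups (e.g. under UAC).
    $tokenSids = @($identity.Groups |
        ForEach-Object { $_.Value } |
        Where-Object { $_.StartsWith($prefix) })

    # Groups the directory computes now; tokenGroups is a constructed
    # attribute and must be requested explicitly with RefreshCache.
    $searcher = [adsisearcher]"(objectSid=$($identity.User.Value))"
    $result   = $searcher.FindOne()
    if (-not $result) { throw 'User object not found in the directory.' }
    $entry = $result.GetDirectoryEntry()
    $entry.RefreshCache(@('tokenGroups'))

    $directorySids = @(foreach ($bytes in $entry.Properties['tokenGroups']) {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)
        if ($sid.Value.StartsWith($prefix)) { $sid.Value }
    })

    [pscustomobject]@{
        # Added in the directory, but this session cannot use them yet.
        MissingFromToken = @($directorySids | Where-Object { $tokenSids -notcontains $_ })
        # Removed in the directory, but this session still holds them.
        OnlyInToken      = @($tokenSids | Where-Object { $directorySids -notcontains $_ })
    }
}

Get-StaleTokenGroups | Format-List
```

A non-empty `OnlyInToken` list is the case to watch from a security standpoint: a group removal has not taken effect for that session until the user logs on again.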