Page 1 of 1 1
Topic Options
#152280 - 2005-11-25 05:47 PM Clean TokenCache when computer is renamed
Flavien Offline
Getting the hang of it

Registered: 1999-07-21
Posts: 95
Loc: Geneva, Switzerland
I've spent the afternoon trying to find out why KiXtart did not think that I was in Administrators...

If InGroup("\\" + @WkSta + "\" + SidToName("S-1-5-32-544")) > 0
;User is admin
EndIf

Well, I renamed the computer earlier this week...

Workaround:
If InGroup("\\" + @WkSta + "\" + SidToName("S-1-5-32-544")) = 0
;User should be at least user...
DelTree("HKEY_CURRENT_USER\Software\KiXtart\TokenCache")
EndIf


My suggestion to Ruud is to include the computer name in the token cache. If it doesn't match the current @wksta, refresh the cache.

Top
#152281 - 2005-11-28 02:52 PM Re: Clean TokenCache when computer is renamed
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
Where you are using roaming profiles this would mean that the cache may be removed when it needn't be - not a big issue where your users always use the same computer, but potentially a problem for example in the Citrix environment where your user may rarely log on to the same machine twice in a row.

Including the machine name in the registry path would avoid this problem, but would bloat your HKCU hive as each machine you log onto would create an independant cache.

Top
#152282 - 2005-11-28 03:17 PM Re: Clean TokenCache when computer is renamed
Flavien Offline
Getting the hang of it

Registered: 1999-07-21
Posts: 95
Loc: Geneva, Switzerland
That is a good point. Clearing the cache too soon would negate its effectiveness.

Maybe only the local SIDs should be refreshed (S-1-5-32-*) when the computer name changes? This would add only one entry in the registry (with the computer name used when doing the last enumeration).

Top
#152283 - 2005-11-29 03:26 PM Re: Clean TokenCache when computer is renamed
Kdyer Offline
KiX Supporter
*****

Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
Question - Wouldn't Microsoft's SysPrep take care of this as it has the option to re-generate the Computers SID anyway? That is what we use when we re-image a machine and it works pretty slick.

Kent
_________________________
Utilize these resources:
UDFs (Full List)
KiXtart FAQ & How to's

Top
#152284 - 2005-12-14 01:28 AM Re: Clean TokenCache when computer is renamed
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
Why sysprep a computer if the SID is unique? Just to clear a KiXtart TokenCache?
Top
#152285 - 2005-12-14 04:28 AM Re: Clean TokenCache when computer is renamed
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
If you SysPrep a computer the token cache will be empty anyway with regards to the local SIDs.
_________________________
There are two types of vessels, submarines and targets.

Top
Page 1 of 1 1


Moderator:  Lonkero, ShaneEP, Jochen, Radimus, Glenn Barnas, Allen, Ruud van Velsen, Mart 
Hop to:
Shout Box

Who's Online
1 registered (Allen) and 466 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.047 seconds in which 0.017 seconds were spent on a total of 12 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org