Hi!
I have been looking at this post to accomplish this.
http://woshub.com/how-to-refresh-ad-groups-membership-without-user-logoff/
I want to do the following:
1. Add an Active Directory group to a user, granting access to a network share
2. Purge the Kerberos ticket on the local machine
3. Run gpupdate /force so the user gets the newly added permissions and share without needing to log out.
I have tried using klist in several ways to purge the Kerberos tickets, but it does not seem to update the permissions or disks/shares whatever I do.
I have tried removing and connecting the network disk connected to the share before and after using klist and gpupdate /force
I have tried running klist in several ways in both cmd and PowerShell, both with and without admin.
I have tried the following lines of code both from Active Directory with PSSession and locally on the machine:
Get-WmiObject Win32_LogonSession | Where-Object {$_.AuthenticationPackage -eq 'Kerberos'} | ForEach-Object {klist.exe purge}

Get-WmiObject Win32_LogonSession | Where-Object {$_.AuthenticationPackage -ne 'NTLM'} | ForEach-Object {klist.exe purge -li ([Convert]::ToString($_.LogonId, 16))}

$AccountName = $env:USERNAME
$loggedOn = Get-CimInstance Win32_LoggedOnUser | where {$_.Antecedent.Name -like $accountName}
foreach ($sess in $loggedOn) {
    C:\Windows\System32\klist.exe purge -li ("0x{0:X}" -f [int]$sess.Dependent.LogonId)
}
In one case I got some error messages but can't seem to find anything of value relating to them in my research:
PS C:\WINDOWS\system32> Get-WmiObject Win32_LogonSession | Where-Object {$_.AuthenticationPackage -ne 'NTLM'} | ForEach-Object {klist.exe purge -li ([Convert]::ToString($_.LogonId, 16))}

Current LogonId is 0:0xb368bac
Targeted LogonId is 0:0x3e7
Deleting all tickets:
Ticket(s) purged!

Current LogonId is 0:0xb368bac
Targeted LogonId is 0:0x3e5
Deleting all tickets:
Ticket(s) purged!

Current LogonId is 0:0xb368bac
Targeted LogonId is 0:0x3e4
Deleting all tickets:
Ticket(s) purged!

Current LogonId is 0:0xb368bac
Targeted LogonId is 0:0x18fbe348
Deleting all tickets:
Ticket(s) purged!

Current LogonId is 0:0xb368bac
Targeted LogonId is 0:0x18fbe336
Deleting all tickets:
Ticket(s) purged!

Current LogonId is 0:0xb368bac
Targeted LogonId is 0:0x18f2ac0c
Deleting all tickets:
Ticket(s) purged!

Current LogonId is 0:0xb368bac
Targeted LogonId is 0:0xb368bd9
Deleting all tickets:
Ticket(s) purged!

Current LogonId is 0:0xb368bac
Deleting all tickets:
Ticket(s) purged!

Current LogonId is 0:0xb368bac
Targeted LogonId is 0:0xdc705
Deleting all tickets:
Error calling API LsaCallAuthenticationPackage (purge substatus): 1312
klist failed with 0xc000005f/-1073741729

Current LogonId is 0:0xb368bac
Targeted LogonId is 0:0xdc6cb
Deleting all tickets:
Error calling API LsaCallAuthenticationPackage (purge substatus): 1312
klist failed with 0xc000005f/-1073741729

Current LogonId is 0:0xb368bac
Targeted LogonId is 0:0x5caca
Deleting all tickets:
Ticket(s) purged!

Current LogonId is 0:0xb368bac
Targeted LogonId is 0:0xb352ea2
Deleting all tickets:
Ticket(s) purged!

Current LogonId is 0:0xb368bac
Targeted LogonId is 0:0xb352e55
Deleting all tickets:
Ticket(s) purged!

Current LogonId is 0:0xb368bac
Targeted LogonId is 0:0x126f5
Deleting all tickets:
Ticket(s) purged!

Current LogonId is 0:0xb368bac
Targeted LogonId is 0:0xb351fa2
Deleting all tickets:
Ticket(s) purged!
This does work with permission groups for printers and updates without any issue.
Does anybody know what could cause this issue?
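
The purge output above mixes successful runs with the two failing ones; parsing it into one record per logon session makes the failures easy to pick out. This is an added example, not part of the original post: the helper name ConvertFrom-KlistPurgeOutput and the lookup table are assumptions of the example, and the sample input is excerpted from the output in the post.

```powershell
# Win32 error seen in the post: 1312 = ERROR_NO_SUCH_LOGON_SESSION (NTSTATUS 0xC000005F).
$Win32Errors = @{ 1312 = 'ERROR_NO_SUCH_LOGON_SESSION' }

function ConvertFrom-KlistPurgeOutput {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$Line)
    $current = $null
    foreach ($l in $Line) {
        switch -Regex ($l) {
            '^Current LogonId is \d+:(0x[0-9a-fA-F]+)' {
                # klist prints this first on every run: emit the previous record, start a new one.
                if ($current) { $current }
                $current = [pscustomobject]@{
                    TargetLogonId = $Matches[1]   # stays the caller's id if no "Targeted" line follows
                    Purged = $false; Win32Error = $null; Meaning = $null; NtStatus = $null }
            }
            '^Targeted LogonId is \d+:(0x[0-9a-fA-F]+)' { if ($current) { $current.TargetLogonId = $Matches[1] } }
            'Ticket\(s\) purged!' { if ($current) { $current.Purged = $true } }
            'purge substatus\): (\d+)' {
                if ($current) {
                    $current.Win32Error = [int]$Matches[1]
                    $current.Meaning = $Win32Errors[$current.Win32Error]
                }
            }
            'klist failed with (0x[0-9a-fA-F]+)' { if ($current) { $current.NtStatus = $Matches[1] } }
        }
    }
    if ($current) { $current }
}

# Sample input: three runs excerpted from the output in the post.
$sample = @'
Current LogonId is 0:0xb368bac
Targeted LogonId is 0:0x3e7
Deleting all tickets:
Ticket(s) purged!
Current LogonId is 0:0xb368bac
Targeted LogonId is 0:0xdc705
Deleting all tickets:
Error calling API LsaCallAuthenticationPackage (purge substatus): 1312
klist failed with 0xc000005f/-1073741729
Current LogonId is 0:0xb368bac
Deleting all tickets:
Ticket(s) purged!
'@ -split '\r?\n'

ConvertFrom-KlistPurgeOutput -Line $sample |
    Format-Table TargetLogonId, Purged, Win32Error, Meaning, NtStatus
```

On a live machine the same function can be fed directly from klist, for example `ConvertFrom-KlistPurgeOutput -Line (klist.exe purge -li 0x3e7)`.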