Access allowed or denied when newly added group membership should have changed access
Last Updated March 05, 2019
A user is added to a new group in AD, but the user retains original access to the site as if the group was not added.
ProxySG with Kerberos authentication
Access to a site is incorrectly denied or allowed after a user is newly added to a new group that should change this result.
The Kerberos ticket is set when a user logs on to their PC. When added to a group in AD, this new group membership is not reflected in the current Kerberos ticket, and therefore the value for the new access is not reflected when this is decrypted by the proxy.
Log the user off of their PC and back on to manually refresh the Kerberos ticket.
Under Statistics > Authentication > Display by user, find the user and log them off to force the surrogate to refresh.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.