WinGate Forums

WinGate Proxy Server and other Qbik products

Skip to content

Access Rules. Update user groups

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

Post a reply

Access Rules. Update user groups

Postby Nikituki » Mar 31 15 9:54 pm

Hello!

I'm creating Access Rule, which denied access for users not in specific domain group.
When I'm adding user to this group - he gain access. But if I then delete it from group, access not rejected. I think, it's cached.
How I can refresh cache?

p.s. sorry for my english.
Nikituki
 
Posts: 1
Joined: Mar 31 15 9:47 pm
Top

Re: Access Rules. Update user groups

Postby adrien » Apr 13 15 1:02 pm

Hi

group membership in windows in an Active Directory is cached by windows.

Normally group membership is evaluated once when the user logs into windows, and a user token is created which contains the SID of every group the user is a member of. This token is cached for the duration of the windows session (e.g. while the user is logged into windows). This is done because in a large AD with many groups, evaluation of group membership can be very expensive - too expensive to do every time group membership is needed for security checking.

I think there are ways to clear the cache, but I think they are command line commands in the windows client, or requiring them to log out of windows then back in again.

Regards

Adrien de Croy
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland
Top
Post a reply

Return to WinGate

Who is online

Users browsing this forum: No registered users and 4 guests

Switch to mobile style
Powered by phpBB® Forum Software © phpBB Group