The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 4,224 other subscribers

Archive for January 13th, 2014

Steps for shrinking a vmware disk for a Windows guest VM inside VMware Workstation of VMware Fusion

Posted by jpluimers on 2014/01/13

Another one from the “missed schedule” series, this one was originally scheduled for 20130927.

These articles were not very clear on the actual steps to take:

The steps I tried: Read the rest of this entry »

Posted in Fusion, Power User, VMware, VMware Workstation, Windows, Windows 7, Windows 8 | Leave a Comment »

Windows security Token Bloat

Posted by jpluimers on 2014/01/13

This can happen when your Windows Security Token bloat has struck:

… the problem could be minor, or relatively major. You may get weird access denied messages, applications crashing, or strange entries in your event logs. Or worse yet a SID for a group that has a ‘deny permission’ on an object could be dropped into the virtual bit bucket, allowing a user to access a resource they are not supposed to access.

Summary of fixes for token bloat:

  1. Use global or universal groups instead of domain local.
  2. Increase the MaxTokenSize on all computers
  3. Convert security groups to distribution groups if they are only used for email lists.

There is a hard-coded limit of 1,024 SIDs for the Kerberos PAC (privilege attribute certificate)

Kerberos token size still remain to 64k in windows7 / win2008r2.

This is what UWWI did to avoid token bloat: UWWI Token Bloat – IAM – UW Information Technology Wiki.



Posted in Power User, Windows, Windows 7, Windows 8, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows XP | Leave a Comment »

%d bloggers like this: