 | Mike Verhagen on geerlingguy/my-backup-plan: Ho… |
 | Attila Kovacs on docs.embarcadero.com unreachab… |
 | David Blue on MacOS: converting a man page t… |
 | jpluimers on How do I pretty-print JSON in… |
| jpluimers on Delphi 10.2 Tokyo Godzilla ISO… |
Posted by jpluimers on 2014/01/13
Another one from the “missed schedule” series, this one was originally scheduled for 20130927.
These articles were not very clear on the actual steps to take:
The steps I tried: Read the rest of this entry »
Posted in Fusion, Power User, VMware, VMware Workstation, Windows, Windows 7, Windows 8 | Leave a Comment »
Posted by jpluimers on 2014/01/13
This can happen when your Windows Security Token bloat has struck:
… the problem could be minor, or relatively major. You may get weird access denied messages, applications crashing, or strange entries in your event logs. Or worse yet a SID for a group that has a ‘deny permission’ on an object could be dropped into the virtual bit bucket, allowing a user to access a resource they are not supposed to access.
…
Summary of fixes for token bloat:
- Use global or universal groups instead of domain local.
- Increase the MaxTokenSize on all computers
- Convert security groups to distribution groups if they are only used for email lists.
…
There is a hard-coded limit of 1,024 SIDs for the Kerberos PAC (privilege attribute certificate)
…
Kerberos token size still remain to 64k in windows7 / win2008r2.
This is what UWWI did to avoid token bloat: UWWI Token Bloat – IAM – UW Information Technology Wiki.
–jeroen
via:
Posted in Power User, Windows, Windows 7, Windows 8, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows XP | Leave a Comment »
The Wiert Corner - irregular stream of stuff 