Hey folks, I've been running into a bit of a problem where users in the "Protected Users" group in Active Directory seem to lose access to network folders and printers hosted on the printer server `\\printer-server` every so often. They can get back in after logging out and back in, but I'm wondering if this is just how it's designed to work or if it suggests there's something wrong with my setup. Any insights would be appreciated!
3 Answers
It's also worth noting that Protected Users can’t use NTLM authentication. If your printing setup relies on NTLM instead of Kerberos, that might be causing the access issues you’re seeing. You might want to check if you've implemented the necessary fixes for that.
Also, like someone pointed out, it's generally not a good idea to have protected users trying to print or perform tasks that require elevated permissions for long periods. This behavior is actually intentional to enhance security.
So, the reason behind this could be the Kerberos ticket lifetime for Protected Users, which is actually set to just 4 hours. This is by design, so it's not necessarily a misconfiguration on your end.

Thanks for the heads up! I’ll look into NTLM polling and see if that’s where the problem lies.
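
One way to check the NTLM point raised in the answers from the print server's own Security log, as an added example that is not part of the original thread: it summarises, for each Protected Users member, whether logons (events 4624/4625) used Kerberos or NTLM. The function names, account names and sample records are constructed for illustration.

```powershell
# Added example; function names, accounts and sample records are constructed.

# Flatten a Security-log 4624/4625 record to the fields used below.
function ConvertFrom-LogonEvent {
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        $d = @{}
        foreach ($n in ([xml]$Record.ToXml()).Event.EventData.Data) {
            $d[$n.GetAttribute('Name')] = $n.InnerText
        }
        [pscustomobject]@{
            Id = $Record.Id; Time = $Record.TimeCreated
            User = $d['TargetUserName']; Package = $d['AuthenticationPackageName']
        }
    }
}

# Per Protected Users member: how did logons to this server authenticate?
function Get-ProtectedUserLogonSummary {
    param(
        [Parameter(Mandatory)] [object[]] $LogonEvent,
        [Parameter(Mandatory)] [string[]] $ProtectedUser
    )
    $LogonEvent |
        Where-Object { $ProtectedUser -contains $_.User } |  # case-insensitive
        Group-Object User |
        ForEach-Object {
            $ntlm = @($_.Group | Where-Object { $_.Package -eq 'NTLM' })
            [pscustomobject]@{
                User       = $_.Name
                Kerberos   = @($_.Group | Where-Object { $_.Package -eq 'Kerberos' }).Count
                Ntlm       = $ntlm.Count
                NtlmFailed = @($ntlm | Where-Object { $_.Id -eq 4625 }).Count
                LastNtlm   = ($ntlm | Sort-Object Time | Select-Object -Last 1).Time
            }
        }
}

# Constructed sample. On the print server, use instead:
#   $events  = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625 } | ConvertFrom-LogonEvent
#   $members = (Get-ADGroupMember -Identity 'Protected Users').SamAccountName
$members = 'alice', 'bob'
$events = @(
    [pscustomobject]@{ Id = 4624; Time = [datetime]'2024-05-06T08:01'; User = 'alice'; Package = 'Kerberos' }
    [pscustomobject]@{ Id = 4625; Time = [datetime]'2024-05-06T12:07'; User = 'ALICE'; Package = 'NTLM' }
    [pscustomobject]@{ Id = 4624; Time = [datetime]'2024-05-06T09:15'; User = 'bob';   Package = 'Kerberos' }
    [pscustomobject]@{ Id = 4624; Time = [datetime]'2024-05-06T09:20'; User = 'carol'; Package = 'NTLM' }
)
Get-ProtectedUserLogonSummary -LogonEvent $events -ProtectedUser $members | Format-Table -AutoSize
```

A non-zero `Ntlm` count for a member points at the NTLM restriction; if every logon is Kerberos, compare the time of the access loss with the 4-hour ticket lifetime mentioned above.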