Reply to Message

View discussion in a popup

Replying to:
Squidly_Man
VMware Employee
VMware Employee

Check your active directory synchronization settings.  The defaults are 90 minutes I believe for standard info synch such as security group changes (high priority such as password changes or accounts being disabled are done immediately).

You can go into AD Sites and Services and force the synchronization.

http://technet.microsoft.com/en-us/library/cc816926(v=ws.10).aspx

Additionally, the workstation OS will have cached logon settings.  If you wish to test the app assignments via security group changes, you may wish to modify the below setting to 0.


Computer Config \ Policies \ Windows Settings \ Security Settings \ Local Policies \ Security Options \ Interactive Logon

Number of Previous Logons to Cache: 0

NOTE:  If you set the above on a laptop, this will disable the laptop's ability to logon when not connected to the domain!  Change the above setting at your own risk!  The same goes for Offline View desktops!


-Dean F. https://www.vmware.com/support/pubs/identitymanager-pubs.html
Reply
0 Kudos