Closed dwightchrute closed 2 years ago
Hi @dwightchrute
This article will explain that is going on here
https://docs.lithnet.io/ams/help-and-support/support-articles/kb000002
@ryannewington thanks -i understand this is a windows thing and not a AMS ,but i was thinking why does it let you set an "expiration time" when configuring JIT if it's not going to matter..
It might be more useful to think of the expiry time as the window of time they have to claim admin rights, as opposed to thinking of it restricting admin rights to that window of time.
It's only the user's current logon session that retains the access if they aren't logged off. New connections, inbound network-based connections, etc will not have admin rights after the JIT expiry time.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs.
I have Just In Time configured and everything is working fine BUT after the time membership expires and user get removed from AD group,they still have local admin rights until log off/on.Has anyone run into this issue? I've left this computer online for 6 days and still have local admin right.JIT access expired 15 min after it was activated and for 6 days until i log off/on,it had local admin rights.Tried token refresh ,gp update etc and nothing works.