Posted on Leave a comment

New AD security group for users without logoff

Normally, a user has to log out and then log in again so that the rights of a newly added security group become active.

You can do that without a logoff. To do this, the CMD simply has to be started in the user context. Then enter klist purge there and execute it.

The user's Kerberos tickets are deleted and have to be queried again. But all of this only works with Kerberos. This way does not work with NTLM.

Posted on Leave a comment

Variabel read-only?

Today I stumbled upon the error "Variable $ False cannot be changed because it is readonly" in Powershell. The faulty code is hidden here:

param($neuerBenutzer, $verzeichnis, $zugriffsrechte, $testModus=$False, $behalteStandard=$True)

The problem wasn't the code, but the order. In this case, Param belongs to the whole script. So it has to be at the beginning of the code.

The error appears if you have cls in front of param, for example, or maybe an add-in is loaded. Just change the order and it'll work again.