Active Directory

How to configure the TGT time by group policy

The Ticket-Granting Ticket (TGT) time-to-live (TTL) is the maximum amount of time that a TGT can be used to request additional tickets. The default TGT TTL is 10 hours.

To configure the TGT time by Group Policy, you can follow these steps:

  • Open the Group Policy Management console and create or edit a Group Policy Object (GPO).
  • Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Kerberos Policy.

  • Double-click “Maximum lifetime for user ticket renewal” and select the “Define this policy setting” option.
  • Enter the desired TGT TTL value in hours in the “Maximum lifetime for user ticket renewal” field.

  • Click “OK” to save the changes.

Note that this setting will apply to all computers that are part of the domain and are subject to the GPO. You can also configure the TGT time-to-live using the ksetpwd utility or the Active Directory Users and Computers snap-in.

How to verify the TGT TTL value on a specific computer?

You can verify the TGT TTL value on a specific computer by using the “klist” command-line tool.

Here are the steps to verify the TGT TTL value:

  • Open a Command Prompt window on the computer whose TGT TTL value you want to verify.
  • Type “klist tgt” and press Enter. This command displays information about the currently cached TGT, including its expiration time.

  • Look for the “Renew until” field in the output. This field displays the time when the TGT will expire and the user will need to obtain a new TGT. The TGT TTL value is calculated by subtracting the current time from the “Renew until” time.

For example, if the “Renew until” time is 4:00 PM and the current time is 2:00 PM, then the TGT TTL value is 2 hours.

Note that the TGT TTL value may be different on different computers, depending on how the Kerberos policy has been configured.
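
One way to script the check described above, as an added example that is not part of the original post: it parses the time fields printed by "klist tgt" and reports the spans up to both the end time and the "Renew until" time, so they can be compared with the values defined in the Kerberos Policy. The function name Get-TgtLifetime, its parameters, the StartTime/EndTime/RenewUntil field layout and the sample lines are assumptions of this example.

```powershell
# Added example (not from the original post): read the time fields of
# "klist tgt" output and report the spans to compare with the Kerberos Policy.
function Get-TgtLifetime {
    param(
        [string[]]$KlistOutput,
        [datetime]$Now = (Get-Date),
        # Assumed limit in hours; 10 is the default TGT TTL stated in the post.
        [double]$MaxHours = 10,
        # klist prints dates in the local format, so parse with the local culture.
        [cultureinfo]$Culture = [cultureinfo]::CurrentCulture
    )
    $t = @{}
    foreach ($line in $KlistOutput) {
        # Accepts "StartTime", "EndTime", "RenewUntil" and spaced variants.
        if ($line -match '^\s*(Start|End|Renew)\s*(?:Time|Until)\s*:\s*(.+?)\s*(?:\(local\))?\s*$') {
            $t[$Matches[1]] = [datetime]::Parse($Matches[2], $Culture)
        }
    }
    foreach ($name in 'Start', 'End', 'Renew') {
        if (-not $t.ContainsKey($name)) {
            throw "No $name time found; is a TGT cached for this logon session?"
        }
    }
    # Assumption: the issued span (EndTime - StartTime) is checked against the limit.
    $issued = ($t['End'] - $t['Start']).TotalHours
    [pscustomobject]@{
        IssuedHours        = $issued
        RenewWindowHours   = ($t['Renew'] - $t['Start']).TotalHours
        HoursUntilEnd      = [math]::Round(($t['End'] - $Now).TotalHours, 2)
        HoursUntilRenewEnd = [math]::Round(($t['Renew'] - $Now).TotalHours, 2)
        Expired            = $Now -ge $t['End']
        WithinLimit        = $issued -le $MaxHours
    }
}

# Constructed sample (not captured from a real host), invariant date format.
$sample = @(
    'StartTime          : 03/01/2023 08:00:00 (local)'
    'EndTime            : 03/01/2023 18:00:00 (local)'
    'RenewUntil         : 03/08/2023 08:00:00 (local)'
)
$at = [datetime]'2023-03-01T14:00:00'
Get-TgtLifetime -KlistOutput $sample -Now $at -Culture ([cultureinfo]::InvariantCulture)

# On a live machine: Get-TgtLifetime -KlistOutput (klist tgt)
```

A WithinLimit value of False on a machine means the cached ticket was issued with a longer lifetime than the limit passed in -MaxHours.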

So, that’s all for this post. I will be back soon with more. Have a nice day!

Vipan Kumar

He is an Active Directory Engineer. He has been working in the IT industry for more than 10 years. He is a dedicated and enthusiastic information technology expert who is always ready to resolve any technical problem. If you need any further help on this subject, feel free to contact us at admin@windowstechno.com. Please follow our Facebook page and website for the latest articles: https://www.facebook.com/windowstechno
