You have two choices. Disable UAC or stop using an account that is a member of the Administrators Group for day to day operations. I would choose the latter.
Jeffrey Altman On 4/5/2011 4:51 PM, Jonathan Nilsson wrote: > Hello, > > I'm running Windows 7 Professional 64-bit, joined to an Active Directory > domain > which is my Kerberos REALM for my OpenAFS cell. Everything works fine, but I > have recently noticed that when I login with a domain account, Network > Identity > Manager does not seem to be automatically getting an AFS token. It just > pops-up > a password prompt for my Kerberos "identity" as it calls it. > > I did some searching and found this page in the NIM docs which seems to > describe > my situation: > > http://www.secure-endpoints.com/netidmgr/v2/docs/netidmgr/html/config_k5.htm > > which about half way down the page has this paragraph: > > "On Windows Vista, Windows 7, and Windows Server 2008 the operating system > does > not permit the importation of the Kerberos Ticket Granting Ticket if the > active > user account is a member of the Administrators or Domain Administrators groups > and User Account Control (UAC) mode is active." > > My domain account is a member of the local computer's Administrators group. Is > there any workaround besides completely disabling UAC? > > In the mean time I removed my account from the local "Administrators" group, > and > NIM works again. >
signature.asc
Description: OpenPGP digital signature
