I have not done a time test, but after I reboot and log on to my machine I have sudo access, but after some period of time, I lose that access and get this message:
Sorry, user <domain_user> is not allowed to execute 'something' as root on <domain_name>.
It is late right now, but if anyone has seen this let me know. if I do an adquery group -D I get this:
CN=Allowed RODC Password Replication Group,CN=Users,DC=angbertent,DC=lan
CN=Cert Publishers,CN=Users,DC=angbertent,DC=lan
CN=Denied RODC Password Replication Group,CN=Users,DC=angbertent,DC=lan
CN=DnsAdmins,CN=Users,DC=angbertent,DC=lan
CN=DnsUpdateProxy,CN=Users,DC=angbertent,DC=lan
CN=Domain Computers,CN=Users,DC=angbertent,DC=lan
CN=Domain Controllers,CN=Users,DC=angbertent,DC=lan
CN=Domain Guests,CN=Users,DC=angbertent,DC=lan
CN=Domain Users,CN=Users,DC=angbertent,DC=lan
CN=Enterprise Read-only Domain Controllers,CN=Users,DC=angbertent,DC=lan
CN=Group Policy Creator Owners,CN=Users,DC=angbertent,DC=lan
CN=RAS and IAS Servers,CN=Users,DC=angbertent,DC=lan
CN=Read-only Domain Controllers,CN=Users,DC=angbertent,DC=lan
CN=Schema Admins,CN=Users,DC=angbertent,DC=lan
What I see missing is Domain Admins, and Enterprise Admins, both of which I am a part of, and if I restart the computer and log back in again, they will be there. So something is timing out, and I am losing access to those two groups, which takes away my sudo powers.
Let me know if you have seen this before, and if you have maybe a script I can run in cron to make sure this stays refreshed, so those groups do not disapear. Thanks in advance.
Chris