Set the Type of Time Stamp Record

The privilege elevation service uses per-user timestamp files for credential caching. You can use this group policy to specify the type of timestamp record for the service to use.

If you set this group policy to Not configured or Disabled, the service uses the tty time stamp record type.

If you set this group policy to Enabled, you can set this group policy to any of the following values:

__global__: A single time stamp record is used for all of a user’s login sessions, regardless of the terminal or parent process ID.

__ppid__: A single time stamp record is used for all processes with the same parent process ID (usually the shell). Commands run from the same shell (or other common parent process) will not require a password for dzdo.timestamp_timeout minutes (5 by default). Commands run by way of sudo with a different parent process ID, for example from a shell script, will be authenticated separately.

__tty__: One time stamp record is used for each terminal, which means that a user’s login sessions are authenticated separately. If no terminal is present, the behavior is the same as ppid. Commands run from the same terminal will not require a password for dzdo.timestamp_timeout minutes (5 by default).

This group policy modifies the dzdo.timestamp_type setting in the agent configuration file.