Beware of NTLM when using Temporary Group Memberships

Short-term group memberships might lead to long-term permissions

Temporary Group Memberships are a very welcome addition to Windows Server 2016 Active Directory Domain Services.

It gives you the means to elevate privileges for someone temporarily.

However, this blog post is not here to give instructions on enabling it or using it. You will find plenty of that elsewhere.

This blog post is here to remind you not to trust this feature blindly.

Your short-term group membership might give you long-term privileges.