Specify list of groups whose user members' Kerberos credentials require infinite renewal even after users have logged out.
The specified groups must be Active Directory groups (no need to be zone enabled). Group names should be in format
All zone enabled users who are members of the groups specified, including members of any nested groups and the users whose primary group is set to one of the groups specified, will have their Kerberos credentials renewed (or reissued) automatically.
This group policy modifies the krb5.cache.infinite.renewal.batch.groups setting in the Centrify DirectControl configuration file.