The Maximum lifetime for user ticket policy setting determines the maximum amount of time (in hours) that a user's ticket-granting ticket can be used. When a user's ticket-granting ticket expires, a new one must be requested or the existing one must be renewed. The possible values for this Group Policy setting are: * A user-defined number of hours from 0 through 99,999 * Not defined. If the value for this policy setting is too high, users might be able to access network resources outside of their logon hours, or users whose accounts have been disabled might be able to continue to access network services by using valid service tickets that were issued before their account was disabled. If the value is set to 0, ticket-granting tickets never expire.

[Hours]

Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy\Maximum lifetime for user ticket