Announcement

Collapse
No announcement yet.

Security Privileges not applied till next logon

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security Privileges not applied till next logon

    I have a Windows 2003 active directory domain and I find that when assigning or revoking security privileges via group memberships as standard they don't take effect until the user logs off and back on again.

    This is a problem from the point of view that users can't access files until they log off and back on to get the effective group membership to access the files that have permissions assigned to the group.

    It's also a problem from the point of view of revoking privileges. If I revoke an administrator for example, the account still has administrative rights indefinitely until it logs off!

    Is there a way to force the security changes, group membership changes etc to take effect without having users log off and back on again?

  • #2
    Re: Security Privileges not applied till next logon

    I dont think you can do that (please someone post if im wrong) but it is my understanding that security tokens are allocated at logon and as such any changes made only take effect when the user logs on again. You could use a batch file to force the user to log off when permissions are revoked.
    Server 2000 MCP
    Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: Security Privileges not applied till next logon

      Chris is correct. Security token is built during logon, but not only. There is a workaround. You can instruct users to run something like:

      Code:
      runas /user:domain\username cmd
      This will open a new prompt. The good part is that will also build a new security token (because of the use of "runas"). Now you can kill the explorer.exe process and launch a new explorer.exe from the prompt (that already has the updated security token).

      Might work for techniacal folks. Not recommended for non-techies...
      Guy Teverovsky
      "Smith & Wesson - the original point and click interface"

      Comment


      • #4
        Re: Security Privileges not applied till next logon

        thanks for the tip, will remember that. For users it's probably better to just make them log off unless I can full script this so they can just run one command....

        perhaps I'll look into this at some point...

        in the meantime any other suggestions are welcome (or suggestions for the way of batching or scripting this...)

        Comment

        Working...
        X