XP aware of NTFS permission change without logging off

I have a standard W2K3 domain set up with shared folders.

Users are running XP Pro, and often have a shared folder mapped to a network drive.

If a user doesn't have access to a particular folder and requires it, i'll add them to the group with relevant permissions on that folder.

After adding user to the new group, users can't access the shared folder until..
a) they log off and back on again
b) wait a little while... (not sure exactly,..  15 mins maybe?)

Is there anything i can do on either the client or the server to force the XP machine to be aware that the user/group permission has changed?  Preferable one which doesn't involve (a) or (b)

Who is Participating?
dhoffman_98Connect With a Mentor Commented:
I'm not sure that B is really going to make a difference unless you have some GPO that is making changes... but in general making a change to group membership means that the user's Kerberos token will change. This token contains the user's security information, including group membership information. The security token is called each time you attempt to access a privileged resource and if the token has the appropriate information your access will be granted or denied.

The trick is this... the Kerberos token is generated at login time... thus the need for a user to log out and log in again.
Brett DanneyIT ArchitectCommented:
dhoffman_98 is spot on, however the reason option B also works is because of replication, a call is made to AD on a deny to verify Group membership (in case changes have been made) it will work at this point because AD is fully replicated and able to confirm membership. To answer your question there is no other way to get this process over with out using option A or B. What you could do is force a replication, but to do this after each group membership update will be frustrating, rather just wait out the 15 minutes or reboot.
http:// thevpn.guruCommented:
gpupdate /force
The original question said nothing about GPOs. So what is gpupdate going to do? It does nothing for refreshing the token or NTFS permissions.
Forced accept.

EE Admin
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.