XP aware of NTFS permission change without logging off

Posted on 2007-08-07
Last Modified: 2013-12-04
I have a standard W2K3 domain set up with shared folders.

Users are running XP Pro, and often have a shared folder mapped to a network drive.

If a user doesn't have access to a particular folder and requires it, i'll add them to the group with relevant permissions on that folder.

After adding user to the new group, users can't access the shared folder until..
a) they log off and back on again
b) wait a little while... (not sure exactly,..  15 mins maybe?)

Is there anything i can do on either the client or the server to force the XP machine to be aware that the user/group permission has changed?  Preferable one which doesn't involve (a) or (b)

Question by:Sc0tte
    LVL 13

    Accepted Solution

    I'm not sure that B is really going to make a difference unless you have some GPO that is making changes... but in general making a change to group membership means that the user's Kerberos token will change. This token contains the user's security information, including group membership information. The security token is called each time you attempt to access a privileged resource and if the token has the appropriate information your access will be granted or denied.

    The trick is this... the Kerberos token is generated at login time... thus the need for a user to log out and log in again.
    LVL 13

    Expert Comment

    dhoffman_98 is spot on, however the reason option B also works is because of replication, a call is made to AD on a deny to verify Group membership (in case changes have been made) it will work at this point because AD is fully replicated and able to confirm membership. To answer your question there is no other way to get this process over with out using option A or B. What you could do is force a replication, but to do this after each group membership update will be frustrating, rather just wait out the 15 minutes or reboot.
    LVL 19

    Expert Comment

    gpupdate /force
    LVL 13

    Expert Comment

    The original question said nothing about GPOs. So what is gpupdate going to do? It does nothing for refreshing the token or NTFS permissions.
    LVL 1

    Expert Comment

    Forced accept.

    EE Admin

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
    Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    7 Experts available now in Live!

    Get 1:1 Help Now