How to refresh current user privilege without relogin

G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Hi,
I grant current win2k user a different group, normally, I've to
logoff and login again to make new group work for the current user.
Is there any command or tools that let me without relogin and refresh
current user privilige in current win2k session?

thanks
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

The user token is built as a part of the login processing.
There is as far as I know no alternative but building a new
token via a login.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"PanYB" <panyb@hotmail.com> wrote in message
news:1103076594.202129.8420@z14g2000cwz.googlegroups.com...
> Hi,
> I grant current win2k user a different group, normally, I've to
> logoff and login again to make new group work for the current user.
> Is there any command or tools that let me without relogin and refresh
> current user privilige in current win2k session?
>
> thanks
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Yes.
Assuming you are running AD, you can use Klist or Kerbtray on the
workstation, to purge the users kerbereos tickets. It will rebuild the
token when you next access a network resource. Not all apps are friendly to
manually purging kerb tickets.

Your best bet is to follow the logoff and back on procedure.


--
Glenn L
CCNA, MCSE 2000/2003 + Security

"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:e1Amc8k4EHA.824@TK2MSFTNGP11.phx.gbl...
> The user token is built as a part of the login processing.
> There is as far as I know no alternative but building a new
> token via a login.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "PanYB" <panyb@hotmail.com> wrote in message
> news:1103076594.202129.8420@z14g2000cwz.googlegroups.com...
>> Hi,
>> I grant current win2k user a different group, normally, I've to
>> logoff and login again to make new group work for the current user.
>> Is there any command or tools that let me without relogin and refresh
>> current user privilige in current win2k session?
>>
>> thanks
>>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Glenn

but that would not clear the local token right? AFAIK the token will only be
rebuilt on remote computers.

--
marco [alla] neovalens [punto] com

[ www.neovalens.com ]
----


"Glenn L" <the.only(delete)@gmail dot com> wrote in message
news:e1zzumm4EHA.2196@TK2MSFTNGP14.phx.gbl...
> Yes.
> Assuming you are running AD, you can use Klist or Kerbtray on the
> workstation, to purge the users kerbereos tickets. It will rebuild the
> token when you next access a network resource. Not all apps are friendly
> to manually purging kerb tickets.
>
> Your best bet is to follow the logoff and back on procedure.
>
>
> --
> Glenn L
> CCNA, MCSE 2000/2003 + Security
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:e1Amc8k4EHA.824@TK2MSFTNGP11.phx.gbl...
>> The user token is built as a part of the login processing.
>> There is as far as I know no alternative but building a new
>> token via a login.
>>
>> --
>> Roger Abell
>> Microsoft MVP (Windows Security)
>> MCSE (W2k3,W2k,Nt4) MCDBA
>> "PanYB" <panyb@hotmail.com> wrote in message
>> news:1103076594.202129.8420@z14g2000cwz.googlegroups.com...
>>> Hi,
>>> I grant current win2k user a different group, normally, I've to
>>> logoff and login again to make new group work for the current user.
>>> Is there any command or tools that let me without relogin and refresh
>>> current user privilige in current win2k session?
>>>
>>> thanks
>>>
>>
>>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Hi

why would you want to do something like that to begin with? Can you explain
us what you are trying to acheive by adding a group on the fly?

--
marco [alla] neovalens [punto] com

[ www.neovalens.com ]
----


"PanYB" <panyb@hotmail.com> wrote in message
news:1103076594.202129.8420@z14g2000cwz.googlegroups.com...
> Hi,
> I grant current win2k user a different group, normally, I've to
> logoff and login again to make new group work for the current user.
> Is there any command or tools that let me without relogin and refresh
> current user privilige in current win2k session?
>
> thanks
>