Refreshing user’s group membership in active directory without log-off/log-on

It is my understanding, unless Active Directory processes tokens differently in newer implementations of Active Directory (currently at a mixed forest level of 2003 and 2008) that user session that is already active, log off and back on to the workstation is the way for group permissions assigned via group membership requires a log off and when the user logs back in, the new token for that session is assigned folder group membership rights.

Yet there are members of my I.T. department that use gpupdate /force.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s