G
Guest
When you add a user to a group, the user has to log off and back on before
his access token sees he's a member of the new group. Only then can he
access a resource that has permissions set to that group.
Now how does this work with computer accounts. I have a global group that I
have added computer accounts as members. I have then used this group to
grant share/file access to a central file server. I have a process that runs
under the SYSTEM context (i.e. the computer account) to copy files to the
central file server. It's been a little over a day and some of the computers
can copy just fine; others still give me access denied errors. So to my
question, when does the computer account refresh its access token or does it?
Can this be forced? Will a reboot do it? Will resetting the computer
account’s password (secure channel) do the trick?
Any insight on this would be appreciated. Thanks
his access token sees he's a member of the new group. Only then can he
access a resource that has permissions set to that group.
Now how does this work with computer accounts. I have a global group that I
have added computer accounts as members. I have then used this group to
grant share/file access to a central file server. I have a process that runs
under the SYSTEM context (i.e. the computer account) to copy files to the
central file server. It's been a little over a day and some of the computers
can copy just fine; others still give me access denied errors. So to my
question, when does the computer account refresh its access token or does it?
Can this be forced? Will a reboot do it? Will resetting the computer
account’s password (secure channel) do the trick?
Any insight on this would be appreciated. Thanks