Don't access tokens for group memberships only get updated when you log out (user) or restart (machine)? I may be completely wrong...I last paid attention to this sort of thing back in the Win2K days.
On 18 February 2010 14:47, John Hornbuckle <[email protected] > wrote: > I just had a bit of weirdness with a machine not updating its group > policy the way I expected. > > > > Yesterday I removed a machine (Vista) from a group using ADUC. Today when I > ran gpresult on the machine, it still showed that it was a member of the > group. The time stamp of the last policy update was recent, and I checked > the DC the machine had gotten the update from and confirmed that that DC > knew the machine was no longer a member of the group. Yet the machine still > thought it was. > > > > So I ran gpupdate /force, then another gpresult after that. Same thing—the > machine still showed as being a member of the group I had removed it from > nearly 24 hours earlier. > > > > Lastly, I rebooted the machine. Logged back in, ran gpresult, and all was > fine. The machine was no longer a member of the group. > > > > My question is, why didn’t gpupdate /force accomplish this? If a reboot was > necessary for the change to apply, normally gpupdate will tell me that. It > didn’t, though. > > > > Is this a bug, or by design? > > > > > > > > John Hornbuckle > > MIS Department > > Taylor County School District > > www.taylor.k12.fl.us > > > > > > > > > > NOTICE: Florida has a broad public records law. Most written communications > to or from this entity are public records that will be disclosed to the > public and the media upon request. E-mail communications may be subject to > public disclosure. > > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
