Question

  Asked: Apr 29 2008   7:15 PM GMT
  Asked by: Windows Security ATE


Force a refresh of privileges


Windows Security, User permissions, Group permissions

We have developed a utility that creates a specific group, defines access rights for this group and adds users to that group. It also denies all users access to these folders. This tool is run as admin in Vista. However, users cannot access before a logoff and a logon. Is there a way to force the refresh of the effective privileges by calling an API?We have developed a utility that creates a specific group, defines access rights for this group and adds users to that group. It also denies all users access to these folders. This tool is run as admin in Vista. However, users cannot access before a logoff and a logon. Is there a way to force the refresh of the effective privileges by calling an API?

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window

Answer Wiki (Improve, edit or add to this answer)


 RATE THIS ANSWER
+1
Click to Vote:
  •   1
  •  0



The user receives his/her security token at logon. The security token contains information regarding the user's group membership and other rights.

If you add or remove a user to/from a particular group, then that user needs to receive a new token in order take advantage of the group membership. This process only occurs at logon. It cannot happen "on the fly."
  • AddThis Social Bookmark Button

Browse more Questions and Answers on Security and Microsoft Windows.

Looking for relevant Security Whitepapers? Visit the SearchSecurity.com Research Library.


Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register