How to Refresh Directory attiva Group Membership in Finestre.
There are two paths to refresh user group membership in Directory attiva and apply new settings or changes without waiting for automatic applies:
- Tronco d'albero off and tronco d'albero in again. This action checks all groups that the user is a member of. (Simplest way)
- Reset Kerberos Tickets cache (Hard way)
Reset Kerberos Tickets cache
NOTA: This method will work only for network services supporting Kerberos authentication (as for example access to network printers). The services working only with NTLM authentication still require logoff and logon of a user or Finestre restart.
You can get the list of groups the current user is a member of in the Windows PowerShell O Prompt dei comandi (CMD) using the following command:
whoami /groups
or GPResult
gpresult /r
NOTA: The list of groups a user is a member of is displayed in the section The user is a part of the following security groups.
Kerberos tickets can be reset without the restart of a computer using klist.exe. Klist is included in OS Finestre since Finestre 7.
Computer membership
1. Right mouse button click on Inizio pulsante ed esegui Finestre PowerShell (Ammin)(Also you can use cmd);
2. To reset the whole cache of Kerberos tickets on a computer and update the computer membership in AD groups, run the following:
klist -lh 0 -li 0x3e7 purge
NOTA: 0x3e7 is a special identifier showing the session of the local computer (Local System).
After running the command and updating the policies, all policies assigned to the Directory attiva group using Security Filtering will be applied to the computer.
User membership
1. Right mouse button click on l'inizio pulsante ed esegui Finestre PowerShell (Ammin)(Also you can use cmd);
2. Reset all Kerberos tickets of the user with this command:
klist purge