{"id":104,"date":"2013-08-06T07:51:11","date_gmt":"2013-08-06T07:51:11","guid":{"rendered":"https:\/\/teacheritblog.wordpress.com\/?p=104"},"modified":"2013-08-06T07:51:11","modified_gmt":"2013-08-06T07:51:11","slug":"refresh-active-directory-group-membership-of-pc-without-reboot","status":"publish","type":"post","link":"https:\/\/christianlehrer.com\/?p=104","title":{"rendered":"Refresh Active Directory Group Membership of PC without reboot"},"content":{"rendered":"<div class=\"shariff\" data-title=\"Refresh Active Directory Group Membership of PC without reboot\" data-info-url=\"http:\/\/ct.de\/-2467514\" data-backend-url=\"https:\/\/christianlehrer.com\/wp-content\/plugins\/shariff-sharing\/backend\/index.php\" data-temp=\"\/tmp\" data-ttl=\"60\" data-service=\"tlxr\" data-services='[\"facebook\",\"twitter\",\"linkedin\",\"xing\",\"reddit\",\"whatsapp\",\"mail\",\"info\"]' data-image=\"http:\/\/teacheritblog.files.wordpress.com\/2013\/08\/image_thumb.png\" data-url=\"https:\/\/christianlehrer.com\/?p=104\" data-lang=\"en\" data-theme=\"white\" data-orientation=\"horizontal\"><\/div><p>&#160;<\/p>\n<p>If you ever tested stuff that is based on AD-Groups for Computers \u2013 like GPO Software deployment \u2013 you have experienced that the PC \u201cknows\u201d its new group membership only after a reboot or after seven days of waiting\u2026. <\/p>\n<p>After searching a while I found a way to get membership changes without reboot:<\/p>\n<p>Open a command promt in the system user context and purge the kerberos tickets to get new ones, e.g. with <a href=\"http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb897553\" target=\"_blank\">the great tool psexec<\/a> :<\/p>\n<p>a) Download <a href=\"http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb897553\" target=\"_blank\">psexec<\/a><\/p>\n<p>b) open an <strong>elevated<\/strong> command promt, navigate to the folder you downloaded psexec to and start psexec with the paramter \u201c-s\u201d to start the session on the local PC in system user context:<\/p>\n<p><strong>psexec \u2013s cmd<\/strong><\/p>\n<p><a href=\"http:\/\/teacheritblog.files.wordpress.com\/2013\/08\/image.png\"><img decoding=\"async\" loading=\"lazy\" title=\"image\" style=\"border-top:0;border-right:0;background-image:none;border-bottom:0;padding-top:0;padding-left:0;border-left:0;display:inline;padding-right:0;\" border=\"0\" alt=\"image\" src=\"http:\/\/teacheritblog.files.wordpress.com\/2013\/08\/image_thumb.png\" width=\"521\" height=\"170\" \/><\/a><\/p>\n<p>c) run \u201c<strong>klist \u2013li 0x3e7 purge<\/strong>\u201d<\/p>\n<p><a href=\"http:\/\/teacheritblog.files.wordpress.com\/2013\/08\/image1.png\"><img decoding=\"async\" loading=\"lazy\" title=\"image\" style=\"border-top:0;border-right:0;background-image:none;border-bottom:0;padding-top:0;padding-left:0;border-left:0;display:inline;padding-right:0;\" border=\"0\" alt=\"image\" src=\"http:\/\/teacheritblog.files.wordpress.com\/2013\/08\/image_thumb1.png\" width=\"521\" height=\"222\" \/><\/a><\/p>\n<p>d) the Keberos tickets get renewed and the new group membership is also populated <img decoding=\"async\" class=\"wlEmoticon wlEmoticon-smile\" style=\"border-style:none;\" alt=\"Smiley\" src=\"http:\/\/teacheritblog.files.wordpress.com\/2013\/08\/wlemoticon-smile.png\" \/><\/p>\n<p>&#160;<\/p>\n<p>On Windows 7 and beyond\/Server 2008 and beyond klist is coming with the OS, on Windows XP\/Vista\/Server 2003 you have to get klist form the <a href=\"http:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=17657\" target=\"_blank\">Windows Server 2003 Resource Kit Tools<\/a>.<\/p>\n<p>&#160;<\/p>\n<p>Thanks to <a href=\"http:\/\/sdmsoftware.com\/group-policy-blog\/general-stuff\/picking-up-computer-group-membership-changes-without-a-reboot\/?replytocom=33#respond\" target=\"_blank\">Darren<\/a> for sharing this great tipp!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#160; If you ever tested stuff that is based on AD-Groups for Computers \u2013 like GPO Software deployment \u2013 you have experienced that the PC \u201cknows\u201d its new group membership only after a reboot or after seven days of waiting\u2026. After searching a while I found a way to get membership changes without reboot: Open&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3,11,16,17,25,26],"tags":[31,63,87],"_links":{"self":[{"href":"https:\/\/christianlehrer.com\/index.php?rest_route=\/wp\/v2\/posts\/104"}],"collection":[{"href":"https:\/\/christianlehrer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/christianlehrer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/christianlehrer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/christianlehrer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=104"}],"version-history":[{"count":0,"href":"https:\/\/christianlehrer.com\/index.php?rest_route=\/wp\/v2\/posts\/104\/revisions"}],"wp:attachment":[{"href":"https:\/\/christianlehrer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=104"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/christianlehrer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=104"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/christianlehrer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}