Access token not updated?

[Bryan Linton]

I'm not sure if this is a Server 2003 issue or an XP client issue, so I hope
nobody minds the crosspost. Our Domain controller is a SBS2003 machine, and
the user's client OS is XP Pro SP1.

I just locked down security on a shared resource. I removed inherited
permissions from parent and chose 'copy', granted access to two security
groups ('Executives' and 'Domain Admins') and one individual, and then
removed the "everyone" group. The problem is, the individual is denied
access from her own computer, which as I said is running XP pro SP1. She's
logged off and back on, and even restarted her computer, logged on as
someone else and then logged on as herself again; still no access. If she
logs on at another workstation, she is granted access, but from her own
computer, access continues to be denied. I fired up one of the Executives'
laptop computers (running Windows 2000), logged on with his user account,
and had no trouble accessing the resource, so I'm theorizing that XP handles
cached credentials and updating access tokens differently than 2000 does.
I've googled every way I can think of to find a solution but have come up
empty-handed. I want to find a way to force XP to get a new access token
for the user. Can anyone here take a shot at it?

Thanks in advance,

Bryan

 

[Darren Hook [MSFT]]

Do you see any events in the System log with Netlogon? Is the workstation
reporting any problems with the domain (machine account)?

On the token question, try renaming the user profile (UserName.bak) and let
her logon with a new profile, see if the problem still happens.

 

[Bryan Linton]

Her computer is a member of the Domain, as are all the computers. I'm
curious; what would the network setup wizard accomplish for me? The
computer was actually joined to the domain and an account created for it by
running the SBS2003 connect computer wizard via web browser.

Bryan