Any way to refresh group membership while logged in?

[Guest]

I'm working on an application that uses the currently logged in users Windows
group membership. During development I want to be able to change their group
membership on the domain controller (Windows 2003 AD) and be able to see the
change in group membership in the application without having to log off and
back on. Aside from RUNAS, is there any way to do this?

I was hoping for something like GPUDATE that would affect group membership.
but I haven't seen anything that looks like it would work.

 

[Brandon McCombs]

I'm working on an application that uses the currently logged in users Windows
group membership. During development I want to be able to change their group
membership on the domain controller (Windows 2003 AD) and be able to see the
change in group membership in the application without having to log off and
back on. Aside from RUNAS, is there any way to do this?

I was hoping for something like GPUDATE that would affect group membership.
but I haven't seen anything that looks like it would work.

I'm not saying there isn't anything out there to do that but it wouldn't surprise
me if there wasn't anything because Windows does a lot of things during login and
actually builds a token based on the groups an account is a member of. During
every object access that token is compared to the ACLs on the object to see if
the account has the appropriate permission. It may even be considered a
security violation if it was possible to change that on the fly unless the
application somehow tied into Kerberos and was able to reauthenticate to ADS
before the membership update took place.