Get a user’s Kerberos ticket updated over VPN

Tags: kerberos, vpn, windows-server-2008

We run a Windows 2008 network (2008 DC level). There are many users who work only from home and connect to the network via VPN.

Recently group membership was changed for many of these users and the membership isn't making it to their machine. I need a way I can update their Kerberos ticket with their security groups. Normally this happens at login, though these users are not connected to the network at login and don't get the updates.

gpupdate /force doesn't update the local Kerberos ticket. gpresult /r is being used to review current security groups for the user.

How can I get these updates to these users?

Best Answer

Try using a klist purge as a login script, group policy scheduled task, etc. If run in the user context this should provide the response you want without changing the VPN setup.

I use a small script of a similar nature to refresh computer group memberships for deploying software without rebooting.
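
One way to script the `klist purge` suggestion for VPN users, as an added example that is not the answerer's own script: it waits until a domain controller is reachable before purging, because a purge run before the tunnel is up discards tickets that cannot yet be replaced. The retry count, delay and exit codes are assumptions; the script is meant to run in the user's own session (logon script or user-context scheduled task).

```powershell
# Added example: refresh the logged-on user's Kerberos tickets once the VPN is connected.
# Must run as the user whose tickets need refreshing, not elevated and not as SYSTEM.

$domain = $env:USERDNSDOMAIN
if (-not $domain) {
    Write-Output "No domain logon session found; nothing to refresh."
    exit 1
}

# Assumed values: tune to how long the VPN client takes to connect.
$maxAttempts  = 10
$delaySeconds = 15

# Wait for a domain controller. Purging while offline would leave the
# session without tickets until the tunnel comes up.
$dcReachable = $false
for ($attempt = 1; $attempt -le $maxAttempts; $attempt++) {
    nltest "/dsgetdc:$domain" /force | Out-Null
    if ($LASTEXITCODE -eq 0) {
        $dcReachable = $true
        break
    }
    Start-Sleep -Seconds $delaySeconds
}

if (-not $dcReachable) {
    Write-Output "No domain controller reachable for $domain; tickets left untouched."
    exit 2
}

# Drop the cached TGT and service tickets for this logon session.
klist purge | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Output "klist purge failed with exit code $LASTEXITCODE."
    exit 3
}

# Touch a domain resource so Windows requests a fresh TGT and service ticket,
# which are issued with the user's current group memberships.
Test-Path "\\$domain\NETLOGON" | Out-Null

# Show the new ticket cache so the start times can be checked in a log.
klist
```

Tickets requested after the purge carry the current group memberships for access to network resources; processes that were already running keep the access token built at logon.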