Re: Exchange OWA 2003 Trusted Root Certificate

From: Smurfman (smurfman_at_discussions.microsoft.com)
Date: 02/22/05


Date: Tue, 22 Feb 2005 09:29:04 -0800

Let me ask you, is there a way to force this to take place, without a reboot,
say from a script or command line, making it transparrent to the users. I
know that I could run a Shutdown command in a script to force the machines to
reboot, but is there an easier way.

Thanks for the reply, this does help explain why some have taken the policy
and why some have not. I am posting a similar thread in the group policy
board, but basically the GP Results show that a domain level policy for
authenticated users, is denied for several of my users. It shows that the
Group is denied because of an Access Filter, yet, the Authenticated Users is
set to Read and Apply for the user logon script. Would this mean that the
user was not Authenticated at the time of logon, and is using a cached logon?
Any ideas...? I will post this on the other board and give more detail.

THanks
J

"Paul Adare" wrote:

> In article <1FD5F2FE-EDFB-464B-AF56-F06D19A257D7@microsoft.com>, in the
> microsoft.public.win2000.security news group, =?Utf-8?B?U211cmZtYW4=?=
> <smurfman@discussions.microsoft.com> says...
>
> > Does a
> > computer's group membership only update after a reboot?
> >
> >
>
> Not exactly, but close enough. The new group membership won't show up on
> the access token granted to the computer until a reboot, just like with
> a user account which needs a log off and log on.
>
> --
> Paul Adare
> "On two occasions, I have been asked [by members of Parliament],
> 'Pray, Mr. Babbage, if you put into the machine wrong figures,
> will the right answers come out?' I am not able to rightly apprehend
> the kind of confusion of ideas that could provoke such a question."
> -- Charles Babbage (1791-1871)
>