Change user group permissions without logout


To change user group permissions without logout you will first need to remove all the users Kerberos tokens using the command below

klist purge

This should show as below

Current LogonId is 0:0x7e3d67
Deleting all tickets:
Ticket(s) purged!

To see the new list of Kerberos Tokens run the command below

klist tgt

To get a new Kerberos Token you will need to start a program as the user, the easiest way is to use runas and lauch a simple notepad window

runas /user:domain\username C:\Windows\system32\notepad.exe

To see the list of all the groups the user is now a member of run the command

whoami /all

Found priceless insights in this blog? Support the author’s creativity – buy them a coffee!

Leave a Reply

Your email address will not be published. Required fields are marked *