As far as I am aware windows normall checks the access rights in Active Directory at startup or every 5-90 minutes depending on machines, setups, etc.
Your running a FAT system correct?
FAT cant contain ACL info so the info is checked from Active Directory at startup or at regular intervals and saved locally.
Some stuff i think should help.
The Group Policy Settings are refreshed as per the interval configured in the Group Policy for client computers, member servers and domain controllers. You can use the following command line tools to refresh the Group Policy Settings on remote computer. You need to log on to the computer manually and then perform the action suggested below:
For Windows XP computers:
* Gpupdate.exe /Target:User /force
* Gpupdate.exe /Target:Computer /force
For Windows 2000 computers:
* Secedit.exe /refreshpolicy user_policy
* Secedit.exe /refreshpolicy machine_policy
To refresh the policy on remote computer or computers you can use the following script to do so:
1. Create a ComputerList.txt
2. Put all the remote computers in the Text file.
3. Use the Psexec.exe tool to execute the command remotely.
For Windows XP Computers:
Psexec.exe
-@ComputerList.txt Gpupdate.exe /Target:User /force
Psexec.exe
-@ComputerList.txt Gpupdate.exe /Target:Computer /force
For Windows 2000 Computers:
Psexec.exe
-@ComputerList.txt secedit.exe /refreshpolicy user_policy
Psexec.exe
-@ComputerList.txt secedit.exe /refreshpolicy machine_policy
The above Psexec.exe command will run on all the computers specified in the ComputerList.txt.
You can also use the following script to check the version of Operating System and then issue the command:
@echo off
XPGPORef1=gpupdate.exe /Target:User /force
XPGPORef2=gpupdate.exe /Target:Computer /force
Win2kGPORef1=secedit.exe /refreshpolicy user_policy
Win2kGPORef2=secedit.exe /refreshpolicy machine_policy
For /f “Tokens=*” %%a in (ComputerList.txt) Do (
SET Comp_name=%%a
Ver.exe \\%comp_name% > Hostver.txt
Find /I “XP” < Hostver.txt > CheckCC.txt
IF %errorlevel% == 0 (
Psexec.exe \\%comp_name% Gpupdate.exe /Target:User /force
Psexec.exe \\%comp_name% Gpupdate.exe /Target:Computer /force
) ELSE (
Psexec.exe \\%comp_name% secedit.exe /refreshpolicy user_policy
Psexec.exe \\%comp_name% secedit.exe /refreshpolicy machine_policy
)
)
The above script will check the Operating System version by executing Ver.exe on remote computer and then run the appropriate commands to refresh the Group Policy Objects.
And
To change the trust policy refresh period
1.
Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
2.
Right-click Trust Policy, and then click Properties.
3.
Scroll to the Advanced tab, and then click the Advanced tab.
4.
In Trust policy refresh period (minutes), type or scroll to a new number of minutes, and then click OK.
Hope this helps.
Related.
More