Permissions Not Applied After Group Membership Change (4244843)

WORKAROUND 1

If connecting via the MMC and using the logged in user, do one of the following:

1. Log out and log back into their workstation.
2. Right-click on the Active Roles top node in the tree pane of the MMC and click Connect. Clicking Reconnect will not work as it reuses the existing token.  On the Connect dialog, specify the username and password to connect.

WORKAROUND 2

If connecting via the Web Interface and the Web Interface is configured to use Integrated Authentication, do one of the following:

1. Log out and log back into the workstation.
2. Recycle the application pool.

WORKAROUND 3

Note: Always create a backup of the registry whenever modifying, adding, and removing registry entries.

If connecting via the Web Interface and the Web Interface is configured to use Basic Authentication, the default user token cache TTL (time to live) is 15 minutes. Do one of the following:

1. Recycle the application pool.
2. Modify the registry on the Web Interface host to lower the default TTL of the user token cache.  Use the following steps to set the TTL to a lower value:
   1. Open the Registry Editor.
   2. Navigate to the following key:
      HKLM\System\CurrentControlSet\Services\InetInfo\Parameters
   3. Create a new DWORD with the following information:
      Name: UserTokenTTL
      Value: <time in seconds>
      ** Suggested value of 30 **
   4. Close the registry editor.
   5. Perform an IISRESET to load the new settings.

Option 2 will significantly decrease the time needed to wait before the permissions will be available for the account.