Is there some user groups cache in Windows Server and how to flush it?

Adnan Abbas 1 Reputation point
2022-05-08T18:42:16.81+00:00

I am seeing in the following unexpected behavior:

Summary of a problem: changing the contents of a user group does not have immediate effect on the actual effective file permissions linked to this user group, why?

Setup:

Windows Server 2019 Standard, no AD domain, just a plain file server on LAN with local user accounts matching on the server and client computers, all updates installed.
Two server-side user groups: "Group A" and "Group B". Group A contains two users: User 1 and User 2.
Group A has read and write NTFS permissions for certain folder.
Now we do the following:

Remove User 2 from Group A and add him/her to Group B.
Remove write permissions to the folder for Group A
Assign read and write NTFS permissions to the same folder for Group B
Expected result:

User 1 should have read-only access to that folder
User 2 should have write and read access
Actual result:

User 2 unexpectedly has read-only access.
Additional facts:

Both users are accessing the file server over the network from Windows client machines having logged in as matching local user accounts
The folder is shared with sharing permissions set to "Everyone has full access"
When checking for effective permissions (Properties->Security->Advanced->Effective Access for User 2, it shows that this user has write and read permissions
But when User 2 actually attempts to write into that folder over the LAN, it fails.
The only thing that allows the User 2 to write is re-assigning write permission to Group A (notice, Group A, not Group B!).
So from this behavior, especially from item 5 above, it seems to me that Windows Server is somehow stuck thinking that User 2 is still a member of Group A when it comes to actually deciding what kind of access is allowed, yet it correctly computes effective permissions when I query them via the dialog window. So my question is: is there some sort of internal cache which stores user group information and how do I force reset of this cache?

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,601 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. MotoX80 32,736 Reputation points
    2022-05-08T21:14:38.037+00:00

    Try closing the user's session. You can also try right clicking and select "Disconnect all sessions".

    200007-capture.png

    0 comments No comments