When working with SMS 2003 in advanced security mode, the need often arises to add computer objects to Active Directory groups. Normally a reboot is required for a computer account to become aware of the group membership change, and it is often difficult to arrange the scheduled downtime necessary to reboot a production server.
I've used the below procedure to update the computer's security token without rebooting. This does take a bit of effort, but it doesn't involve rebooting your server.
- Download the Klist utility. You'll need to install the .msi package and get klist.exe from the install directory.
- Next, launch an interactive command prompt running as the system account:
Click Start -> Run -> "AT <time> /i cmd.exe"
- (NOTE: If you are launching the interactive command prompt over a remote desktop session to your server, you will need to be logged on to session 0 to see the command prompt. You can do this by connecting to the server with the following command: "mstsc /console")
- When the command prompt has launched, run "klist purge"
- Run "gpupdate /force"
Your computer's security token should now be updated.