KiXtart provides functions to test or enumerate the group-membership of the current user (specifically: InGroup() and EnumGroup()). These functions operate on an in-memory list of groups the user is a member of. This list is filled once during every KiXtart session (in other words: once every time you run KIX32.EXE).
Previous versions of KiXtart always queried the logonserver for the group-membership information. This provided information on both local and global groups in the logondomain. KiXtart retrieves group-membership information using the security token of the current user. The benefit of the new method is that KiXtart can now support universal groups as well as nested global groups.
|
Note |
Because a security token is created during the logon of a user and does not change while that user is logged on, changes to the user’s group-membership are not visible to KiXtart until the next time the user logs on.
As both methods of retrieving the group-membership are relatively costly in terms of network traffic and process time the latest update of KiXtart caches the group-membership information in the registry. This means that once the cache is filled, subsequent runs of KIX32.EXE will require much less time to retrieve the group-membership information.
The group-membership cache is stored in the registry hive of the current user and contains security-identifier-to-groupname mappings. Changes to a user's group-membership are automatically handled by KiXtart during the next logon.
|
Note |
If an existing group is renamed, that change will not be visible to KiXtart until the next time the token-cache is refreshed.
The cache is automatically refreshed every 30 days.
A refresh of the cache can also be forced using the new '/f' commandline option:
KIX32
<yourscript> /f
Optionally, you can include a date, indicating how old the cache must be for it to be refreshed:
KIX32
<yourscript> /f:2001/12/31
|
Note |
The group-membership cache feature of KiXtart is only available on Windows NT or higher.