Updating cached credentials for full time work at home users...
I have a client that uses a VPN client and does not allow users to logon from the Windows logon screen, rather they have to already be logged in using cached credentials and then launch the VPN client and authenticate...
Now this poses a significant issue deploying applications via SCCM based on a user's groups for those users who are full time work at home or road warriors, as the user's windows security token, that stores the SIDs for all their groups, never gets updated through an interactive domain logon...
thus far the only solution I've found is... write a utility that prompts for the user's current password and then launch a new process / thread with those credentials just like runas.exe. This then updates the cached credentials... force the user to logoff and logon and voila the token has the new groups...