How do you force an update to a user's group membership in Windows 7?

taskkill.exe /F /IM explorer.exe
runas /user:%USERDOMAIN%\%USERNAME% explorer.exe

This will kill explorer, then reopen it with your user account. It will prompt you for your password, and that will get you a new token, thereby updating your membership.


This is difficult to perform on a system-wide scale, but possible with individual executable files by killing their process and relaunching them under the user's credentials.

When you log on, you receive a token reflecting your group membership, among other things. The only way to refresh this token is to log in.


I had a similar situation of a website that relied on a user's membership in AD to allow login to the website. One thing to consider doing is having the web server do the authentication/query to the AD server with their supplied credentials; if the web server has access to AD and just queries the server for whether the user is in group XYZ, they'll get a list right from AD, not from the login token of the user which does require logon/logoff to get a new token with proper privileges.

I know from the description that your dev machine doesn't have that access right now, but it sounded like you meant that you need this functionality when you deploy it.

If you rely on the token, you'll have to log off and back in.
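
To see how far a logon token has drifted from the directory, the following PowerShell compares the domain groups in the current process token with the groups AD reports for the same user right now. It is an added example, not code from any of the answers; it assumes a domain-joined machine that can reach a domain controller, and the helper name Resolve-SidName is made up for this illustration.

```powershell
# Added example: compare the logon token's domain groups with what AD reports now.
# Assumption: domain-joined machine with a reachable domain controller.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$domainSid = $identity.User.AccountDomainSid.Value

# Domain group SIDs in this process's token (fixed when the logon session was created).
# Only SIDs from the user's own domain are compared, to keep local and well-known
# groups (Everyone, INTERACTIVE, BUILTIN\...) out of the result.
$tokenSids = @($identity.Groups | ForEach-Object { $_.Value } |
    Where-Object { $_ -like "$domainSid-*" })

# Bind to the user's AD object by SID and load tokenGroups, a constructed
# attribute that the DC computes on request (nested groups included).
$user = [ADSI]"LDAP://<SID=$($identity.User.Value)>"
$user.psbase.RefreshCache([string[]]@('tokenGroups'))
$dirSids = @($user.psbase.Properties['tokenGroups'] | ForEach-Object {
    (New-Object System.Security.Principal.SecurityIdentifier($_, 0)).Value
} | Where-Object { $_ -like "$domainSid-*" })

# Hypothetical helper: translate a SID string to DOMAIN\name, or return the SID as-is.
function Resolve-SidName([string]$Sid) {
    try {
        $s = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $s.Translate([System.Security.Principal.NTAccount]).Value
    } catch { $Sid }
}

$added   = @($dirSids   | Where-Object { $tokenSids -notcontains $_ })
$removed = @($tokenSids | Where-Object { $dirSids   -notcontains $_ })

"In AD but not in the token (not effective until a new logon):"
$added   | ForEach-Object { "  + " + (Resolve-SidName $_) }
"In the token but no longer in AD (still effective in this session):"
$removed | ForEach-Object { "  - " + (Resolve-SidName $_) }
```

The second list is the one to watch when access has been revoked: those groups keep working until the session's token is replaced. WindowsIdentity.Groups leaves out groups marked deny-only, so in a non-elevated process under UAC, administrative groups can show up in the first list without being stale.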


There is a scripted way of doing this completely through the command line; you can use klist.

klist purge