After a user is deleted from a role in the Authorization Manager in an Active Directory domain environment, the user can still unexpectedly access that role from a Windows Vista-based or Windows Server 2008-based client computer
Consider the following scenario:
- You have an Authorization Manager store in an Active Directory domain environment.
- You add a user to a role in Authorization Manager.
- You log on to and then you log off from the domain on a Windows Vista-based or Windows Server 2008-based client computer by using the user account to that you added the role.
- The administrator deletes the user from the role in the Authorization Manager.
In this scenario, the user still can access the role.
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB954902.