Are a users rights within a share only assigned when the user maps the share to a local drive, or should you be able to change their rights on-the-fly? I'm currently experimenting with what will become the offices new Windows 2003 File Server, creating folders, AD groups and assigning permisions to see how things work. As an example I have a folder named DTP that can be mapped by a user. Said folder has two ACL's assigned to it, User and Viewer . Permissions are such that members of the User group have full rights to the folder to add, modify and delete. Viewer members can only list and open. Now, things are working. I take user BOB, assign him to User group, then do a net use P: servershare /u:BOB and BOB ends up with a P drive to which he has read, write, modify, delete rights. I take user BOB, remove him from the User group but add him to the Viewer group, then do a net use P: servershare /u:BOB and BOB ends up with a P drive to which he has read rights, as should be the case. However, if while BOB is connected as a VIEWER member, I modify him in AD adding him to the USER group and dropping him from the VIEWER group, what I'm seeing is that BOB still only has VIEWER rights to the P drive. Windows hasn't on-the-fly converted his rights to full access. I have to disconnect the P drive and recreate it in order for the new rights to take affect. Is this the way Windows Server 2003 works? Or is there something I need to configure or do in order to permit on-the-fly permisssion changes to a users rights within a drive letter mapped to a share? I look forward to your response.