Kerberos tickets of the system account for Computer Group membership

When you change the group membership of a computer account, the new group is not applied to the computer account until the computer account re-authenticates, just as a person has to log out and back in to get new permissions after you change the permissions or group membership of their user object.

The easiest way to accomplish this is to reboot the server… however, we all know that is not always possible. A handy little tool to get the computer to renew its ticket is klist. With

klist -li 0x3e7

you get a list of the system account's tickets (0x3e7 is the logon ID of the local system account). With

klist -li 0x3e7 purge

you can delete all tickets and force the system to get new ones with updated group membership information, without rebooting at all.
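
The two commands above combined into one check, as an added example that is not part of the original post: it lists the system account's tickets, purges them only if at least one was issued before the group change (and so cannot contain the new group), then lists the cache again. The parameter $ChangedAt and the function name Get-SystemTicket are hypothetical; the script assumes an elevated prompt, English klist output labels ("Server:", "Start Time:") and that klist prints times in the current culture's date format.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post.
# $ChangedAt (hypothetical parameter): when the computer's group membership was changed.
param(
    [datetime]$ChangedAt = (Get-Date).AddMinutes(-30)
)

# 0x3e7 is the logon ID of the local system account, as used in the post.
$SystemLuid = '0x3e7'

function Get-SystemTicket {
    # Turn the text output of "klist -li 0x3e7" into one object per cached ticket.
    # Assumption: English labels and a date format [datetime]::Parse accepts
    # under the current culture.
    $server = $null
    foreach ($line in (klist -li $SystemLuid)) {
        if ($line -match '^\s*Server:\s*(.+?)\s*$') {
            $server = $Matches[1]
        }
        elseif ($line -match '^\s*Start Time:\s*(.+?)\s*\(local\)') {
            [pscustomobject]@{
                Server = $server
                Start  = [datetime]::Parse($Matches[1])
            }
        }
    }
}

# A ticket issued before the change cannot carry the new group membership.
$stale = @(Get-SystemTicket | Where-Object { $_.Start -lt $ChangedAt })

if ($stale.Count -eq 0) {
    "No system account tickets were issued before $ChangedAt; nothing to purge."
    return
}

"Tickets issued before the group change:"
$stale | Sort-Object Start | Format-Table Server, Start -AutoSize

# Delete all tickets of the system account's logon session.
klist -li $SystemLuid purge

# New tickets are requested on demand, so the cache may be empty right after
# the purge; run the listing again later to see the replacement tickets.
klist -li $SystemLuid
```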