Re: Local/Domain logon

From: julianm (julianm_at_discussions.microsoft.com)
Date: 09/08/04 

Date: Wed, 8 Sep 2004 07:59:03 -0700

XP will cache the logon credentials. For example, my notebook at work is XP
Pro and I do not use a roaming profile. At work I log on with my domain user
account and password. When I go home I log onto my notebook using the same
domain username and password as I use on the network - there is no connection
to the domain at home, therefore this uses cache credentials.

I did the upgrade exam to MCSE 2003 the other day [I did pass, and no I'm
not bragging] and there was a specific question about XP caching logon
credentials and how can you stop this. I am not an expert on XP, but I do
know this works, and as the exam covers this I presume this is a feature of
XP.

"Neil Shaw" wrote:

> >>We have a user who is working 50-50 onsite and at home and who has a
> >>work issued laptop. At work we have a Win2K server running AD with a
> >>single Domain.
> >>
> >>The problem arises when the user is at home. Obviously there is no way
> >>for her to authenticate with the PDC (dial-up connection not feasable)
> >>and so she has a local machine logon too. However, this leads to 2
> >>separate profiles. Is there any way to get Windows to use the cached
> >>copy of her Domain profile when logging on to the local machine only so
> >>that she still has access to things like contacts and bookmarks?
> >>
> >>Thanks
>
> > Try using XP on the client as it automatically caches the client logon
> > details so you do not need to worry about this. If you need to
> prevent users
> > from loging on with cached credentials this is possible with Group
> Policy too.
> >
>
> When you say it caches the logon details, do you mean the roaming
> profile of the user, or the username/password combination to allow a
> Domain logon without needing the PDC connected to the client?
>
> If it's the roaming profile, Win2K does this as well, but it's the
> password authentication that is the problem.
> If it's the latter, it just adds to my list of reasons as to why I hate
> WinXP :o\
>

Relevant Pages

  • Re: Does the ability to use cached logon expire?
    ... >> credentials, they need to log on to the Domain to reset it. ... > Microsoft Windows 2000 Security Hardening Guide ... > Disable Caching of Logon Information ... > how many user account entries Windows 2000 saves in the logon cache ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Does the ability to use cached logon expire?
    ... > credentials, they need to log on to the Domain to reset it. ... Note that the CachedLogonsCount is a number indicating for how many ... Disable Caching of Logon Information ... Windows 2000 has the capability to cache logon ...
    (microsoft.public.windowsxp.security_admin)
  • RE: cache credentials
    ... Eventually (10 alloted logon times w/o having to re-sync with DC) the cached ... credentials will expire or you can delete the user's profile from computer. ... Group Policy setting to DO NOT CACHE LOGONS is located at GPEDIT.msc ...
    (microsoft.public.windows.server.active_directory)
  • Re: Remote User Needs to Change PWD without connecting to domain
    ... credentials to log on and eventually the password expired. ... > I think you are misinterpreting the "10 logon" settings. ... > Settings, Security Settings, Local Policy, Security Options). ... >> account (note: this should only be temporary as this presents a security ...
    (microsoft.public.win2000.security)
  • Re: Cant use WM6 to access network shares
    ... unfortunately nothing in any of the event logs. ... the logon prompt. ... So for whatever reason it's just not passing my credentials ... Can get to about any other share on the network. ...
    (microsoft.public.pocketpc.wireless)
Loading