Re: How to prevent old password login?
- From: "Egil Schnack" <news@xxxxxxxxxxxxxx>
- Date: Sat, 14 Jan 2006 17:13:27 +0100
To ensure that all users are authenticated by a domain controller when they log on, you need to set the cache to zero for interactive logons. System cache holds data that was processed previously. It is faster to obtain data from cache, rather than repeating the transaction. But this also reduces the need to authenticate users, and for security purposes you need to purge the cache and set it to not cache logon information so as to compel all users to be authenticated each time they log on.

GPO Setting -> Interactive logon: Number of previous logons to cache (in case domain controller is not available)

By default 10 logons. This setting would prevent logon using cached credentials if the network was down or domain controllers otherwise unavailable. Certainly a non-viable setting for mobile laptop users!

If we use the zero setting, then every user MUST be authenticated by a domain controller.

Hope that helps - Egil.

<dougsisco@xxxxxxxxxxx> wrote in message
news:1137085350.407741.75880@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> I have a 2003 domain server. When I reset a user's password, the old
> password is valid until he logs in with the new one.
>
> In other words, the user is logged-off, and I change the password from
> the server. The user can log on using the old password OR the new
> password. Once he logs in using the new password the old password
> becomes invalid.
>
> But I would like to force the user to logon with only the new password.
>
> Thanks in advance for any help with this!
>
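
An added example, not part of the original posts: a PowerShell audit of the cached-logon setting named in the reply above, run locally on a domain member. It assumes the policy is stored as the `CachedLogonsCount` string value under the Winlogon registry key and that portable machines can be recognised from `Win32_SystemEnclosure` chassis types; the function name `Get-CachedLogonAudit` is hypothetical.

```powershell
# Added example: audit "Interactive logon: Number of previous logons to cache".
# Assumption: the policy is stored as the REG_SZ value CachedLogonsCount under this key.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
# Chassis types treated as portable: portable, laptop, notebook, sub-notebook,
# tablet, convertible, detachable.
$PortableChassis = 8, 9, 10, 14, 30, 31, 32

function Get-CachedLogonAudit {
    [CmdletBinding()]
    param(
        [int]$DefaultCount = 10   # default given in the reply when nothing is configured
    )

    # Read the raw value; $null means the value is not present.
    $raw = (Get-ItemProperty -Path $WinlogonKey -Name CachedLogonsCount `
            -ErrorAction SilentlyContinue).CachedLogonsCount
    $count = $DefaultCount
    $valid = $true
    if ($null -ne $raw) {
        $parsed = 0
        if ([int]::TryParse([string]$raw, [ref]$parsed) -and $parsed -ge 0) {
            $count = $parsed
        } else {
            $valid = $false   # value exists but is not a usable number
        }
    }

    # Laptops need cached logons to work away from a domain controller.
    $chassis = @((Get-CimInstance -ClassName Win32_SystemEnclosure `
                  -ErrorAction SilentlyContinue).ChassisTypes)
    $isPortable = [bool]($chassis | Where-Object { $PortableChassis -contains $_ })

    $finding =
        if (-not $valid) { 'CachedLogonsCount is not a non-negative integer' }
        elseif ($count -eq 0 -and $isPortable) { 'Caching disabled on a portable machine: logon fails when no domain controller is reachable' }
        elseif ($count -eq 0) { 'Caching disabled: every interactive logon is authenticated by a domain controller' }
        else { "Up to $count logons cached: logon with cached credentials is possible when no domain controller is reachable" }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        RawValue     = $raw
        CachedLogons = if ($valid) { $count } else { $null }
        IsPortable   = $isPortable
        Finding      = $finding
    }
}

Get-CachedLogonAudit | Format-List
```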