DIY: Cache credentials on a domained PC

In response to a reader's question, Jack Wallen devised a trick for caching credentials on a domained and VPNed PC when the VPN isn't available.

A TechRepublic member emailed me about a machine that was joined to a domain but could only reach that domain when connected to the VPN. The reader could log on as the domain administrator but not as the regular user, because only the domain admin's credentials were cached on the machine. It turns out the VPN wasn't set up. The other problem was that the user isn't always going to be on the domain or on a network.

My answer is that the credentials need to be cached; otherwise, the user won't be able to log in when he is not on the domain. But how can this be done when the machine is not currently on the domain or the VPN? I came up with a nifty little trick to get those precious credentials cached.

Before following my instructions, consider this requirement for the trick to work: the domain admin credentials must have been previously cached on the computer. With those credentials cached, it is possible to log on to the machine.

  1. Log on and connect the VPN so the user can be authenticated.
  2. Navigate through the Start Menu to Notepad, hold down the Shift key, and right-click the Notepad entry.
  3. Select Run As Different User from the drop-down list.
  4. Enter the domain credentials for that user.
  5. Create a dummy file in Notepad and save the file.
  6. Log out as the domain admin.
  7. Log in as the user, using that user's domain credentials.

You should be able to log in as that user without having to be on the domain or the VPN. I highly recommend you set up that user so the VPN comes up at boot. If this is not possible, you should make sure the credentials are cached.
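
A preflight check for the procedure above, as an added example that is not part of the original article: run from the domain admin session, it confirms that the machine is domain-joined, that cached logons are not disabled (the `CachedLogonsCount` registry value), and that a domain controller is reachable over the VPN before you launch Notepad as the user. It assumes Windows PowerShell 5.1 in an elevated prompt; the function name `Get-CachedLogonLimit` is illustrative.

```powershell
# Added example, not from the article. Assumes Windows PowerShell 5.1, elevated,
# logged on as the domain admin with the VPN connected (step 1 of the procedure).

function Get-CachedLogonLimit {
    # CachedLogonsCount backs the policy "Interactive logon: Number of previous
    # logons to cache (in case domain controller is not available)".
    # It is stored as a string; Windows uses 10 when the value is absent.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $prop = Get-ItemProperty -Path $key -Name 'CachedLogonsCount' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 10 }
    return [int]$prop.CachedLogonsCount
}

$problems = @()

# The trick only applies to a domain-joined machine.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    $problems += 'Machine is not joined to a domain.'
}

# A limit of 0 means no logon is ever cached, so the user could not log on offline.
$limit = Get-CachedLogonLimit
if ($limit -eq 0) {
    $problems += 'CachedLogonsCount is 0: cached logons are disabled on this machine.'
}

# The user can only be authenticated (and cached) if a domain controller is reachable.
if ($cs.PartOfDomain) {
    try {
        $channelOk = Test-ComputerSecureChannel -ErrorAction Stop
    } catch {
        $channelOk = $false
    }
    if (-not $channelOk) {
        $problems += 'No working secure channel to a domain controller; check the VPN.'
    }
}

if ($problems.Count -eq 0) {
    "Ready: domain reachable, up to $limit logons can be cached."
} else {
    $problems
}
```

A limit of 0 or a failed secure channel explains why the user still cannot log on offline after the Run As Different User step.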

Working on a domained environment can be both a blessing and a curse. For the most part, it will make life much easier, but when problems arise, brace yourself for a challenge.

Ask Jack: If you have a DIY question, email it to me, and I'll do my best to answer it.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

3 comments
Randall Alifano

Wow. So nice of you to respond to email from a reader. The answer to the query is also amazing and straight to the point. - Randall Alifano

Brenton Keegan

EDIT: my post was meant to be a reply to neon samurai's question.

Credential Caching can be disabled via group policy.

Computer\Policies\Windows Settings\Local Policies\Security Options\Interactive login: Number of previous logons to cache

Cached credentials are used in any application that's configured for SSO. So for each application using SSO, with cached credentials disabled, users will be asked to authenticate each time they open it.

Neon Samurai

With any of our XP and 7 machines, a user need only be introduced once to the domain:

  1. boot computer within domain environment
  2. user logs in authenticating against domain
  3. workstation remembers user credentials
  4. boot computer outside domain environment
  5. user logs in authenticating against credentials cached in steps 2/3

Is there a situation where the OS does not remember the user credentials once it leaves the domain environment? I'm probably missing where the cached credentials are being used in this case. Interesting trick trapping credentials inside a "run as" file, I'm just trying to understand the situation better.