Tablets

Question

Creator

Topic
April 18, 2008 at 6:46 am #2146996

Don’t Cache Specific User’s Credentials

Locked

by roger.pray · about 17 years, 1 month ago

I have some internal staff who have been granted a secondary domain account for use on their specific machine as an administrator. This account is locked down such that it only has access to their specific PC and the account has been added to the local administrators group. The “deal” was made such that they would only use it when necessary and all activities would be logged and tracked.

However, a couple of our more enterprising staff have discovered that if you remove the Ethernet cable and login you will still have your admin rights and nothing gets tracked because the login scripts don’t run.

Is there a way to specify that account X will not have its credentials cached, but still allow the rest of the credentials in use on said machine to be cached? Thus, when the domain is present they would be able to login, but when the domain is not present, they wouldn’t have access.

This would be most useful when it comes to our mobile devices – tablets/notebooks, etc.

Thanks.

This conversation is currently closed to new comments.
Creator

Topic

All Answers

Author

Replies
- April 18, 2008 at 6:46 am #2550797
  
  Clarifications
  
  by roger.pray · about 17 years, 1 month ago
  
  In reply to Don’t Cache Specific User’s Credentials
  
  Clarifications
- April 18, 2008 at 11:20 pm #2549798
  
  This should get you started
  
  by rob miners · about 17 years, 1 month ago
  
  In reply to Don’t Cache Specific User’s Credentials
  
  http://support.microsoft.com/kb/307882
Author

Replies

Viewing 1 reply thread

Start a Discussion

Start New Discussion