General discussion

Locked

Password Cache

By jlbpotter ·
I have Windows 2000 boxes logging into an NT4 domain. My users are set up to log into the domain. They do not log into the local box. I have noticed though that if the network cable is unplugged from the pc, the user can still log into the domain. It looks like the box holds a password cache somewhere and authenticates against it if the domain is not available. I don't have a problem with this. My question is, how long is this cache available? Will the system hold the password cache several days with the system powered down?

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Password Cache

by Ann777 In reply to Password Cache

The cache is not memory... it's actually saved on the hdd (User profile).

It lasts until the user messes up his or her profile by changing the password while not connected to the network. The system will change the password locally, but thenthe user will not be able to authenticate with the network.

Collapse -

Password Cache

by Ann777 In reply to Password Cache

Right-click on My Computer --> Properties --> User Profiles

Collapse -

Password Cache

by jlbpotter In reply to Password Cache

Poster rated this answer

Collapse -

Password Cache

by Joseph Moore In reply to Password Cache

Microsoft Knowledge Base Article - 235480

No Notification When You Log On Using Cached Credentials
The information in this article applies to:
Microsoft Windows 2000 Professional

This article was previously published under Q235480
SUMMARYAfter you log on to a computer, which populates the credentials cache, the next time you log on "off the wire," you do not receive a notification that the computer is logging on using cached credentials.
MORE INFORMATION
The popup feature that notifies you that your computer is logging on using cached credentials is disabled for a no-network logon.

For example, to observe this behavior, follow these steps:
Log on to a computer that is connected to a network. The credentials cache is populated automatically.
Log off the computer.
Remove your network cable to disconnect the computer from the network.
Log on to the computer again using the same credentials you used in step 1.
You can make changes in the Users and Passwords tool in Control Panel to require that a username and password are used when you log on or to select a different user account for the computer to auto-log on. On the Advanced tab, you can configure Windows to require users to press CTRL+ALT+Delete in order to log on. However, if you do not select the option to require username and password, the CTRL+ALT+Delete option does not function correctly.

Collapse -

Password Cache

by Joseph Moore In reply to Password Cache

So, there is a Registry setting where you can limit the Cached logon count.

Cached logon information is controlled by the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon\

ValueName: CachedLogonsCount
Data Type: REG_SZ
Values: 0 - 50


So, if you don't want your Win2K users to log in when the PDC is not available, set the above key to 0.

hope this helps

Collapse -

Password Cache

by jlbpotter In reply to Password Cache

Poster rated this answer

Collapse -

Password Cache

by timwalsh In reply to Password Cache

Control Panel | Administrative Tools | Local Security Policy | Security Settings | Local Policies | Security Options | Number of previous logons to cache (in case domain controller is not available) - default is 10

Collapse -

Password Cache

by jlbpotter In reply to Password Cache

Poster rated this answer

Collapse -

Password Cache

by jlbpotter In reply to Password Cache

This question was closed by the author

Back to Windows Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums