Link to home
Start Free TrialLog in
Avatar of awakenings
awakenings

asked on

How are passwords and profiles interelated in Windows XP?

This question regards cached logons.  Is it possible to separate cached logons from cached passwords?  We want cached logons, but we don't want cached passwords.  Is that possible?  It is on a domain.  I thought the two were tied together, but my manager things otherwise.  Thoughts?  Opinions?
ASKER CERTIFIED SOLUTION
Avatar of Jay_Jay70
Jay_Jay70
Flag of Australia image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Brian Pierce
Brian Pierce
Flag of United Kingdom of Great Britain and Northern Ireland image
The domain credentials are cached seperatly from IDs and Passwords used to connect to other resources like shared folders on a workgroup. Caching domain credentials is useful, it allows people using laptops for example to still enter their domiain username/password and access the local machine whien they are not on the network and saves them having to have a domain and local user account and switch between the two accorining to circumstances. You can switch this off if you like but be aware of the consequences. You can do it b by group policy or registry key.

The password for shared non-domain resources and the like can be cleared amended or added to by going to the user accounts in control panel selecting the user and on the advanced tab select manage passwords.
Avatar of Jay_Jay70
Jay_Jay70
Flag of Australia image
but the point still remains, caching a logon caches its password - you cannot have either or
Avatar of Brian Pierce
Brian Pierce
Flag of United Kingdom of Great Britain and Northern Ireland image
To disable cached credentials, simply alter the appropriate GPOs so that every system in the environment has the Computer Configuration, Windows Setting, Local Policy, Security Options control of "Interactive Logon: Number of previous logons to cache (in case domain controller is not available)" to 0 logons (from the default of 10).

I cant find any info on automatically clearing stoted usernames and passwords but there is some more info at http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_key_topnode.mspx?mfr=true
Avatar of Brian Pierce
Brian Pierce
Flag of United Kingdom of Great Britain and Northern Ireland image
I assumed that what awakenings was referng to was the difference between cached credentials (essentially the domain username/password) and 'UserNames and Passwords' (which are all the other stuff for things like connecting to a non-domain share or internet passwords.)

The two things are seperate and can be managed independently.
I'm sorry If I have mis-interpreted the question
Avatar of Jay_Jay70
Jay_Jay70
Flag of Australia image
no need to apologise, maybe i interpreted wrong, awakenings????

cached and local can deffinitely be separated but to passwords and logons are the same thing
Avatar of awakenings
awakenings

ASKER

Folks,
 
    I apologize for the delay.  I was out earlier than expected.  What I am interested in is the interrelation between profiles and passwords.  In other words if we keep cached logons, can we get rid of the passwords.  We do not want passwords on the system any more than local user passwords.  If you can supply a Microsoft reference, it would be greatly appreciated.

Thanks,

Awakenings
Avatar of Jay_Jay70
Jay_Jay70
Flag of Australia image
nope nope nope, you cannot separate the two