Link to home
Start Free TrialLog in
Avatar of awakenings

asked on

How are passwords and profiles interelated in Windows XP?

This question regards cached logons.  Is it possible to separate cached logons from cached passwords?  We want cached logons, but we don't want cached passwords.  Is that possible?  It is on a domain.  I thought the two were tied together, but my manager things otherwise.  Thoughts?  Opinions?
Avatar of Jay_Jay70
Flag of Australia image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Brian Pierce
The domain credentials are cached seperatly from IDs and Passwords used to connect to other resources like shared folders on a workgroup. Caching domain credentials is useful, it allows people using laptops for example to still enter their domiain username/password and access the local machine whien they are not on the network and saves them having to have a domain and local user account and switch between the two accorining to circumstances. You can switch this off if you like but be aware of the consequences. You can do it b by group policy or registry key.

The password for shared non-domain resources and the like can be cleared amended or added to by going to the user accounts in control panel selecting the user and on the advanced tab select manage passwords.
but the point still remains, caching a logon caches its password - you cannot have either or
To disable cached credentials, simply alter the appropriate GPOs so that every system in the environment has the Computer Configuration, Windows Setting, Local Policy, Security Options control of "Interactive Logon: Number of previous logons to cache (in case domain controller is not available)" to 0 logons (from the default of 10).

I cant find any info on automatically clearing stoted usernames and passwords but there is some more info at
I assumed that what awakenings was referng to was the difference between cached credentials (essentially the domain username/password) and 'UserNames and Passwords' (which are all the other stuff for things like connecting to a non-domain share or internet passwords.)

The two things are seperate and can be managed independently.
I'm sorry If I have mis-interpreted the question
no need to apologise, maybe i interpreted wrong, awakenings????

cached and local can deffinitely be separated but to passwords and logons are the same thing
Avatar of awakenings


    I apologize for the delay.  I was out earlier than expected.  What I am interested in is the interrelation between profiles and passwords.  In other words if we keep cached logons, can we get rid of the passwords.  We do not want passwords on the system any more than local user passwords.  If you can supply a Microsoft reference, it would be greatly appreciated.


nope nope nope, you cannot separate the two