Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cached credential and passwords expiration

Posted on 2007-11-21
6
Medium Priority
?
3,896 Views
Last Modified: 2012-01-09
Hi.

We would like to know what are the limitations to the use of cached credentials (number of consecutive logins, duration...) and how to modify them. Our AD will host some laptops users who won't be able to connect to it for months, and we want them to keep using their computers.
We also need to know what would happen in this case about the password expiration dates ? Would thoses users still be able to log in using the cache credentials event though the date has passed ?
And what about their return ? Will they be able to connect to the AD, using their old password and changing it at that point ?
Thanks for your support.
0
Comment
Question by:nxbp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 2000 total points
ID: 20326651
There is no limit for the longevity of cached credentials - bey default credentials for up to 10 users are cached on each machine. If passwords expire on the domain, then cached credentails will continue to work - when the user next connects the the domainthey will be prompted to change the password in the normal way and the cached credentials will be updated.
0
 

Expert Comment

by:jaesoul
ID: 20469495
I thought the limit was 50? Can someone please verify this information
0
 
LVL 8

Expert Comment

by:MotoCrazy
ID: 20771676
Limit is 50, but default is 10. Value can be anything fro 0-50.
0
Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

 
LVL 70

Expert Comment

by:KCTS
ID: 20772244
As said, there is no limit to the duration of cached credentials, by default up to 10 different sets of credentials are cached, as MotoCrazy says - the max is 50.
0
 

Author Closing Comment

by:nxbp
ID: 31410330
Sorry for the delay, I'd forgotten to rate your answer. Thanks for the help
0
 
LVL 2

Expert Comment

by:MtnNtwks
ID: 24937315
Not to beat a closed issue to death, but feel it's necessary to point out the difference between "duration" and "succession"

If you log in using cached credentials, it doesn't throw you out of the login session...hence there is no "duration."

However, you ARE LIMITED to a maximum of login sessions!!  The default is 10, and can increase the default to a maximum of 50 using the following registry key:

Cached logon information is controlled by the following key:
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon\

   ValueName: CachedLogonsCount
   Data Type: REG_SZ
   Values: 0 - 50

Value is 0 to 50. Anything over 50 still only caches for 50 logons.

Microsoft Articles that explain in detail:
http://support.microsoft.com/kb/913485
http://support.microsoft.com/kb/172931/

0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question