Cached credential and passwords expiration

Hi.

We would like to know what are the limitations to the use of cached credentials (number of consecutive logins, duration...) and how to modify them. Our AD will host some laptops users who won't be able to connect to it for months, and we want them to keep using their computers.
We also need to know what would happen in this case about the password expiration dates ? Would thoses users still be able to log in using the cache credentials event though the date has passed ?
And what about their return ? Will they be able to connect to the AD, using their old password and changing it at that point ?
Thanks for your support.
nxbpAsked:
Who is Participating?
 
Brian PierceConnect With a Mentor PhotographerCommented:
There is no limit for the longevity of cached credentials - bey default credentials for up to 10 users are cached on each machine. If passwords expire on the domain, then cached credentails will continue to work - when the user next connects the the domainthey will be prompted to change the password in the normal way and the cached credentials will be updated.
0
 
jaesoulCommented:
I thought the limit was 50? Can someone please verify this information
0
 
MotoCrazyCommented:
Limit is 50, but default is 10. Value can be anything fro 0-50.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Brian PiercePhotographerCommented:
As said, there is no limit to the duration of cached credentials, by default up to 10 different sets of credentials are cached, as MotoCrazy says - the max is 50.
0
 
nxbpAuthor Commented:
Sorry for the delay, I'd forgotten to rate your answer. Thanks for the help
0
 
MtnNtwksCommented:
Not to beat a closed issue to death, but feel it's necessary to point out the difference between "duration" and "succession"

If you log in using cached credentials, it doesn't throw you out of the login session...hence there is no "duration."

However, you ARE LIMITED to a maximum of login sessions!!  The default is 10, and can increase the default to a maximum of 50 using the following registry key:

Cached logon information is controlled by the following key:
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon\

   ValueName: CachedLogonsCount
   Data Type: REG_SZ
   Values: 0 - 50

Value is 0 to 50. Anything over 50 still only caches for 50 logons.

Microsoft Articles that explain in detail:
http://support.microsoft.com/kb/913485
http://support.microsoft.com/kb/172931/

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.