Windows Domain Cached Credentials

We have a Small Business Server 2003 Domain & I have 3 new laptops to join to it.  The users of these laptops are at another jobsite.  Once I join these computers to the domain, is there any way to cache their credentials ahead of time so that they will be able to login at the site?

I normally have employees come into the office and log in once while the new computer is connected to the server. Then when they go out in the field they can still login with the cached credentials. However these employees will not be able to make it into the office. I would like to get everything set up and take them out there.

I do not want to have to ask them for their passwords or reset them and then have to worry about changing them back through VPN or something.
dtsmith1984 Asked:
Hypercat (Deb) Commented:
After rereading your OP, I can amend my answer to say that all you'd have to do is pre-configure the VPN connection and make it available to all users before you deliver the machine to the user in the field.  Then he/she would be able to use the "log on using dialup networking" option from the logon prompt initially.
0
 
Jon Winterburn Commented:
I think what you are asking for is impossible, because in order for the credentials to be cached, they have to first be authenticated by the LSA, and if you are not going to authenticate for the first time, then the workstation will not be able to store the credentials in its Credential Manager.

See this: http://support.microsoft.com/kb/913485
0
 
Hypercat (Deb) Commented:
I am not 100% certain, but I believe that if you can get them to log on using dial-up networking, so that they are logging on directly to the domain, their domain credentials will get cached at that time.  As long as the machine is already joined to the domain, it should work OK.  You would have to have them log on to the local machine as a local administrator and create a VPN connection for use by everyone.  Then, they would log off and log on to the domain using the "log on using dial-up networking" option from the logon prompt with their own domain user credentials.  
0
 
ChiefIT Commented:
"Once I join these computers to the domain is there any way to cache their credentials ahead of time so that they will be able to login at the site"

Windows does this automatically, in the event the 2003 server is down or unreachable.
0
 
dtsmith1984 (Author) Commented:
ChiefIT:

Windows does not do this automatically, because if I just add a user to the machine (DOMAIN\USERNAME) and try to log in without a connection to the server, it says it cannot validate.  If I plug in to the network and then log in, the credentials are then cached and I can log in without being connected to the server.

Is there something that I may need to set up differently for it to cache initially without logging in to each of the users?


hypercat:

The VPN would probably work but in this instance the users do not have any internet access at their current location.  I am going to go ahead and accept your solution since 9 times out of 10 that would work.



0
 
dtsmith1984 (Author) Commented:
Thank you!
0
 
ChiefIT Commented:
Here is a little bit of information that might give you some insight on what is going on.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_22597159.html

There are a couple of sets of credentials that folks call cached credentials: (Truth is, neither is really cached!)
--The first set are saved credentials. These are located in Control Panel>>Users>>Advanced>>Managed passwords.
For these credentials, the user has to elect to save the credentials on the local machine. The drawback is if you change the domain credentials, your saved credentials will not match the domain credentials. So, you are not able to log in and risk having your domain account locked out.

--The second set of cached credentials are resident in the registry and can easily be deemed as cached since they are dynamically updated:
These are located in the registry and you save up to ten of them. These credentials are called hashes:
HKEY_LOCAL_MACHINE\SECURITY\CACHE\NL$1 through NL$10

With that said, there is a setting you can post that tells you what credentials you are using ("cached" or domain credentials).
http://support.microsoft.com/kb/242536
0
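Added example, not part of any post in this thread: a read-only PowerShell check to run on the laptop while it is still on the office LAN, covering the points raised above (domain membership, whether cached logons are enabled, whether the user has already logged on once, and whether a cached-logon notification is configured). The function name, the `CONTOSO\jdoe` account, and the value names `CachedLogonsCount`, `ReportControllerMissing` and `ReportDC` are not given in the thread; the last two are assumed from KB 242536 and should be confirmed against that article.

```powershell
# Added example (not from the thread). Read-only; Windows PowerShell 3.0+.
function Test-OfflineLogonReadiness {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Account   # placeholder form: 'CONTOSO\jdoe'
    )
    $winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $machine  = Get-ItemProperty -Path "HKLM:\$winlogon" -ErrorAction SilentlyContinue
    # HKCU is the hive of whoever runs this script, not of $Account.
    $user     = Get-ItemProperty -Path "HKCU:\$winlogon" -ErrorAction SilentlyContinue

    # CachedLogonsCount is a REG_SZ; Windows uses 10 when it is absent,
    # and 0 disables cached logons entirely.
    $count = if ($null -eq $machine.CachedLogonsCount) { 10 } else { [int]$machine.CachedLogonsCount }

    # A ProfileList entry means the account has completed at least one
    # interactive logon on this machine. This is only a proxy: the NL$ entries
    # under HKLM\SECURITY\CACHE are deliberately not read.
    $hasProfile = $false
    try {
        $nt  = New-Object System.Security.Principal.NTAccount($Account)
        $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
        $hasProfile = Test-Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
    } catch {
        Write-Warning "Could not resolve $Account to a SID: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Account             = $Account
        DomainJoined        = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
        CachedLogonsCount   = $count
        CachingEnabled      = ($count -gt 0)
        HasLoggedOnHere     = $hasProfile
        # Assumed value names (see KB 242536): notify when a cached logon is used.
        MachineNotifyCached = ($machine.ReportControllerMissing -eq 'TRUE')
        UserNotifyCached    = ($user.ReportDC -eq 1)
    }
}

Test-OfflineLogonReadiness -Account 'CONTOSO\jdoe' | Format-List
```

If `HasLoggedOnHere` is false, the account has not yet completed an interactive logon on this machine, which matches the behaviour the author describes: an offline logon fails until one online logon has succeeded.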
Question has a verified solution.