=>We have an AD environment on 2003 Server.
=>A good half of our users are remote all the time
=>We have a Cisco ASA with Anyconnect
=>Since our users are remote and often need to be able to login to their machines w/o being on the Internet. SO we allow cached usernames.
=> We have procedures inplace so that when a user changes their password they lock the computer and unlock it in order to update teh cached information.
Maybe i'm just not thinking right now - but other than passwords or logon scripts is there any benefit to signing on to the VPN before logon? Does not contacting the domain controller before logon really hurt the SID at all?