Bypass Cached credentials when logging onto Windows XP

Hendrik Wiese
Hi,

We had a policy on our network that disabled cached credentials on all workstations. We have managed to remove this in the following location on our Server 2003 machine (Computer Config > Windows Settings > Security Settings > Security Options > "Interactive logon: Number of previous logons to cache (in case domain controller is not available)").

The problem that we have is that we have remote users that use SSL to connect to the network after they logged into their machine, and because the cached credentials were disabled on their local policy while they were connected to the domain yesterday, they cannot log into their machines today.

So is there a way to bypass the cached credentials when logging into the machine? Also note that the Administrator account has been disabled so I cannot get into the machine at all.

Any suggestions would be greatly appreciated.

Commented:
Yes there is, make sure users log in using "log in using dial up connection" when they start up Windows. This way they actually get the policies applied to them; else, if they log in to VPN SSL after they are logged in, the policies will never be applied, unless they log onto the domain.

Because you probably disabled the admin account using a policy, you'd still have the same issue with enabling that account again.
Hendrik Wiese, Information Security Manager

Author

Commented:
Thanks for your reply. The users that log in from home use 3G, which for some reason does not want to connect. And you need to connect to 3G and then only can you connect through SSL.

They get a connection error when trying to log on using dial up. Have you maybe got any other suggestions, or maybe know of a way to edit the Policy through command prompt before Windows starts?
Commented:
Hey,

Nope, unfortunately I don't. We had the exact same problem with users abroad. Eventually we ended up asking them to go by any office with a DC when they were in the neighbourhood.

Triggering Group Policy update can be done by using the gpupdate /force option, but the machine settings will be implemented at logon, in which your users are not yet connected to the domain, cannot see the DC and thus don't receive the policies.
Hendrik Wiese, Information Security Manager

Author

Commented:
Hey,

We tried pushing GPUpdate, but for some reason it did not work so I had to get them to send their machines to us to resolve the issue. Thanks for all the suggestions though.

Commented:
Ok, that's what I thought and was afraid of, that a gpupdate wouldn't work. Unfortunately though...
