DNS Cache, NetBIOS Cache , Domain Cache Credentials are stored at RAM or Hard Disk ?

Hi Expert ,
I am interested to know the following Caches are  stored at which location ( RAM or Hard Disk )

a) DNS Cache
b) NetBIOS Cache
c) Domain Cache Credential

And DHCP Leased IP Address is stored at RAM ? Hard Disk ?? or some where in the Network Adaptor ???
kcnAsked:
Who is Participating?
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:
The first two are stored in RAM.

Credentials are a bit dependant on what you mean. If you're talking about typed credentials and non-persistent network connections then it's memory resident.

If you're talking about an interative logon session then it's a Kerberos session ticket stoed in memory, but no actual credentials are stored.

Chris
0
 
kcnAuthor Commented:
(1) About Domain Cache Credential .

When we first time successful logon to domain , there are cached credential stored locally .

After the first attempt , even without present of DC , we still can logon to domain because of local cache credential ....

I am referring to this type "cached credential " 

(2) You mentioned " Credentials are a bit dependant on what you mean. If you're talking about typed credentials and non-persistent network connections then it's memory resident... "

Please quote one or two real world examples what cache credential you referred to ??

Thanks .

0
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:
1. Cached Credentails:

They're stored in the registry.

Given that it persists over a reboot it cannot exist in RAM.

2. A credential that has been cached is different from the Cached Credentials feature, I wasn't sure what you meant.

Other forms of caching for credentials, run:

Start, Run
\\server\c$

If you do not have access to that with your current account it will prompt. If you give it a valid user name and password then close the window. Open it again and it will connect using the same credentials without prompting.

Chris
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
kcnAuthor Commented:
Let me try to summarize some points :-

a) DNS Cache ==> stored in the Memory ( RAM)
b) NetBIOS Cache ==> Stored in the Memory ( RAM)
c) Domain Cache Credential ==> Stored in the Registry ( Hard Disk )

d) Other forms of caching for credentials, run:

Start, Run
\\server\c$
If you do not have access to that with your current account it will prompt. If you give it a valid user name and password then close the window. Open it again and it will connect using the same credentials without prompting.

==> THIS FORM of CACHE IS STORED INSIDE  RAM ???? ==> Please re-confirm



e)  DHCP Leased IP Address is stored at RAM ? Hard Disk ?? or some where in the Network Adaptor ???

Please answer (d) and (e) . Thanks.
======================
0
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

d. Yes, in RAM. Reboot and you'll lose it, its not persistent.

e. It gets written to the registry and updated whenever the IP address is updated (whether that's static or assigned by DHCP).

See: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

You will find folders there with adapter IDs like this "{CF6F64A2-9002-4FDD-9F95-143DF92F6019}". Beneath that you will find the configuration.

Chris
0
 
kcnAuthor Commented:
Chris ,

Thanks for explanation so far !!

For share file , for the first attempt we access the shared folder/file  , it prompt us the username/password , after we key in these credential , the next and following attempt to access the same network shared ( same remote computer) , there are no more prompt us any username/password , we can direct access the shared without key in any username/password....

Above "credentials" are stored at where ?? ( registry ?? ) ( question# F)

How to "force" the user has to key in the credentials each time he/she try to access network share ??
(question # G )  
0
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

Memory as part of the network connection (which is not removed).

And you would have to close the connection completely, perhaps look at the return from "net use".

Chris
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.