Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cached Credential

Posted on 2010-09-13
10
Medium Priority
?
1,025 Views
Last Modified: 2012-05-10
We want to restrict user to log into PCs with cached credential only 2 times. Is there any way to do that?
0
Comment
Question by:dongocdung
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 6

Accepted Solution

by:
Joshua_Peters earned 2000 total points
ID: 33668401
You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

It is called "Interactive logon: Number of previous logons to cache (in case domain controller is not available)"
0
 

Author Comment

by:dongocdung
ID: 33671703
I believe this option only prevents multiple users from using cached credential to log into PCs. I want to know if there is a way to prevent a SINGLE user from log into PCs mutiple times using cached credential.
0
 
LVL 6

Assisted Solution

by:Joshua_Peters
Joshua_Peters earned 2000 total points
ID: 33673858
Sorry here is a better view. This is where you limit the number of cached logins.
Capture.PNG
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 

Author Comment

by:dongocdung
ID: 33674071
Joshua;

Again, this only limits the number of users who can use cached credential to log into PCs. My question is that if there is a way to restrict the number of TIMES a SINGLE user can use cached credential to log into a PC.
0
 
LVL 6

Expert Comment

by:Joshua_Peters
ID: 33674195
This is what it says when you click the explain button:

Interactive logon: Number of previous logons to cache (in case domain controller is not available)

All previous users' logon information is cached locally so that, in the event that a domain controller is unavailable during subsequent logon attempts, they are able to log on . If a domain controller is unavailable and a user's logon information is cached, the user is prompted with a message that reads as follows:

Windows cannot connect to a server to confirm your logon settings. You have been logged on using previously stored account information. If you changed your account information since you last logged on to this computer, those changes will not be reflected in this session.

If a domain controller is unavailable and a user's logon information is not cached, the user is prompted with this message:

The system cannot log you on now because the domain is not available.

In this policy setting, a value of 0 disables logon caching. Any value above 50 only caches 50 logon attempts.

Default: 25

0
 
LVL 6

Expert Comment

by:Joshua_Peters
ID: 33674241
If you type 5 each user has 5 attempts without being connected to the domain before it gives them the error.
0
 

Author Comment

by:dongocdung
ID: 33675390
Have you have a chance to try out this policy? When I set the number to five and then I unplug the cable I was able to log into the PC more than 5 times (unlimited times)
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 33676244
I agree with 'donqocdung", this policy setting determine number of users not number of attempts.

I wonder if i there is a way to do that...
0
 
LVL 6

Expert Comment

by:Joshua_Peters
ID: 33676840
After you do it type in the run box "gpupdate" without the quotes then run "gpresult /h file.html" Then view the file to see if the group policy has been updated.

If that doesn't work then do "gpupdate /force /boot" then reboot then run "gpresult /h file.html"

If that doesn't work make sure the group policy is being applied to the right users.
0
 

Author Closing Comment

by:dongocdung
ID: 33792480
Got my answer
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question