Solved

Cached Credential

Posted on 2010-09-13
10
965 Views
Last Modified: 2012-05-10
We want to restrict user to log into PCs with cached credential only 2 times. Is there any way to do that?
0
Comment
Question by:dongocdung
  • 5
  • 4
10 Comments
 
LVL 6

Accepted Solution

by:
Joshua_Peters earned 500 total points
ID: 33668401
You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

It is called "Interactive logon: Number of previous logons to cache (in case domain controller is not available)"
0
 

Author Comment

by:dongocdung
ID: 33671703
I believe this option only prevents multiple users from using cached credential to log into PCs. I want to know if there is a way to prevent a SINGLE user from log into PCs mutiple times using cached credential.
0
 
LVL 6

Assisted Solution

by:Joshua_Peters
Joshua_Peters earned 500 total points
ID: 33673858
Sorry here is a better view. This is where you limit the number of cached logins.
Capture.PNG
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:dongocdung
ID: 33674071
Joshua;

Again, this only limits the number of users who can use cached credential to log into PCs. My question is that if there is a way to restrict the number of TIMES a SINGLE user can use cached credential to log into a PC.
0
 
LVL 6

Expert Comment

by:Joshua_Peters
ID: 33674195
This is what it says when you click the explain button:

Interactive logon: Number of previous logons to cache (in case domain controller is not available)

All previous users' logon information is cached locally so that, in the event that a domain controller is unavailable during subsequent logon attempts, they are able to log on . If a domain controller is unavailable and a user's logon information is cached, the user is prompted with a message that reads as follows:

Windows cannot connect to a server to confirm your logon settings. You have been logged on using previously stored account information. If you changed your account information since you last logged on to this computer, those changes will not be reflected in this session.

If a domain controller is unavailable and a user's logon information is not cached, the user is prompted with this message:

The system cannot log you on now because the domain is not available.

In this policy setting, a value of 0 disables logon caching. Any value above 50 only caches 50 logon attempts.

Default: 25

0
 
LVL 6

Expert Comment

by:Joshua_Peters
ID: 33674241
If you type 5 each user has 5 attempts without being connected to the domain before it gives them the error.
0
 

Author Comment

by:dongocdung
ID: 33675390
Have you have a chance to try out this policy? When I set the number to five and then I unplug the cable I was able to log into the PC more than 5 times (unlimited times)
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 33676244
I agree with 'donqocdung", this policy setting determine number of users not number of attempts.

I wonder if i there is a way to do that...
0
 
LVL 6

Expert Comment

by:Joshua_Peters
ID: 33676840
After you do it type in the run box "gpupdate" without the quotes then run "gpresult /h file.html" Then view the file to see if the group policy has been updated.

If that doesn't work then do "gpupdate /force /boot" then reboot then run "gpresult /h file.html"

If that doesn't work make sure the group policy is being applied to the right users.
0
 

Author Closing Comment

by:dongocdung
ID: 33792480
Got my answer
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Resolve DNS query failed errors for Exchange
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question