Solved

Cached Credential

Posted on 2010-09-13
10
1,003 Views
Last Modified: 2012-05-10
We want to restrict user to log into PCs with cached credential only 2 times. Is there any way to do that?
0
Comment
Question by:dongocdung
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 6

Accepted Solution

by:
Joshua_Peters earned 500 total points
ID: 33668401
You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

It is called "Interactive logon: Number of previous logons to cache (in case domain controller is not available)"
0
 

Author Comment

by:dongocdung
ID: 33671703
I believe this option only prevents multiple users from using cached credential to log into PCs. I want to know if there is a way to prevent a SINGLE user from log into PCs mutiple times using cached credential.
0
 
LVL 6

Assisted Solution

by:Joshua_Peters
Joshua_Peters earned 500 total points
ID: 33673858
Sorry here is a better view. This is where you limit the number of cached logins.
Capture.PNG
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:dongocdung
ID: 33674071
Joshua;

Again, this only limits the number of users who can use cached credential to log into PCs. My question is that if there is a way to restrict the number of TIMES a SINGLE user can use cached credential to log into a PC.
0
 
LVL 6

Expert Comment

by:Joshua_Peters
ID: 33674195
This is what it says when you click the explain button:

Interactive logon: Number of previous logons to cache (in case domain controller is not available)

All previous users' logon information is cached locally so that, in the event that a domain controller is unavailable during subsequent logon attempts, they are able to log on . If a domain controller is unavailable and a user's logon information is cached, the user is prompted with a message that reads as follows:

Windows cannot connect to a server to confirm your logon settings. You have been logged on using previously stored account information. If you changed your account information since you last logged on to this computer, those changes will not be reflected in this session.

If a domain controller is unavailable and a user's logon information is not cached, the user is prompted with this message:

The system cannot log you on now because the domain is not available.

In this policy setting, a value of 0 disables logon caching. Any value above 50 only caches 50 logon attempts.

Default: 25

0
 
LVL 6

Expert Comment

by:Joshua_Peters
ID: 33674241
If you type 5 each user has 5 attempts without being connected to the domain before it gives them the error.
0
 

Author Comment

by:dongocdung
ID: 33675390
Have you have a chance to try out this policy? When I set the number to five and then I unplug the cable I was able to log into the PC more than 5 times (unlimited times)
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 33676244
I agree with 'donqocdung", this policy setting determine number of users not number of attempts.

I wonder if i there is a way to do that...
0
 
LVL 6

Expert Comment

by:Joshua_Peters
ID: 33676840
After you do it type in the run box "gpupdate" without the quotes then run "gpresult /h file.html" Then view the file to see if the group policy has been updated.

If that doesn't work then do "gpupdate /force /boot" then reboot then run "gpresult /h file.html"

If that doesn't work make sure the group policy is being applied to the right users.
0
 

Author Closing Comment

by:dongocdung
ID: 33792480
Got my answer
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question