Solved

Cached Credential

Posted on 2010-09-13
Last Modified: 2012-05-10
We want to restrict users to logging into PCs with cached credentials only 2 times. Is there any way to do that?
0
Question by:dongocdung
 
LVL 6

Accepted Solution

by:
Joshua_Peters earned 500 total points
You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

It is called "Interactive logon: Number of previous logons to cache (in case domain controller is not available)"
0
 

Author Comment

by:dongocdung
I believe this option only prevents multiple users from using cached credentials to log into PCs. I want to know if there is a way to prevent a SINGLE user from logging into PCs multiple times using cached credentials.
0
 
LVL 6

Assisted Solution

by:Joshua_Peters
Joshua_Peters earned 500 total points
Sorry, here is a better view. This is where you limit the number of cached logins.
Capture.PNG
0
 

Author Comment

by:dongocdung
Joshua;

Again, this only limits the number of users who can use cached credentials to log into PCs. My question is whether there is a way to restrict the number of TIMES a SINGLE user can use cached credentials to log into a PC.
0
 
LVL 6

Expert Comment

by:Joshua_Peters
This is what it says when you click the explain button:

Interactive logon: Number of previous logons to cache (in case domain controller is not available)

All previous users' logon information is cached locally so that, in the event that a domain controller is unavailable during subsequent logon attempts, they are able to log on. If a domain controller is unavailable and a user's logon information is cached, the user is prompted with a message that reads as follows:

Windows cannot connect to a server to confirm your logon settings. You have been logged on using previously stored account information. If you changed your account information since you last logged on to this computer, those changes will not be reflected in this session.

If a domain controller is unavailable and a user's logon information is not cached, the user is prompted with this message:

The system cannot log you on now because the domain is not available.

In this policy setting, a value of 0 disables logon caching. Any value above 50 only caches 50 logon attempts.

Default: 25

0
 
LVL 6

Expert Comment

by:Joshua_Peters
If you type 5, each user has 5 attempts without being connected to the domain before it gives them the error.
0
 

Author Comment

by:dongocdung
Have you had a chance to try out this policy? When I set the number to five and then unplugged the cable, I was able to log into the PC more than 5 times (unlimited times).
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
I agree with "dongocdung"; this policy setting determines the number of users, not the number of attempts.

I wonder if there is a way to do that...
0
 
LVL 6

Expert Comment

by:Joshua_Peters
After you do it, type "gpupdate" in the Run box without the quotes, then run "gpresult /h file.html". Then view the file to see if the group policy has been updated.

If that doesn't work, then do "gpupdate /force /boot", then reboot, then run "gpresult /h file.html".

If that doesn't work, make sure the group policy is being applied to the right users.
0
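To confirm what a workstation is actually enforcing after the gpupdate/gpresult steps above, the following added example (not part of the original thread) refreshes policy, writes the gpresult report, and interprets the stored value using the limits quoted from the policy's explain text. It assumes the setting is held as the string value CachedLogonsCount under the Winlogon registry key; the function names and report path are illustrative.

```powershell
# Added example. Run from an elevated PowerShell prompt on the workstation.
# Assumption: the policy is stored as the string value CachedLogonsCount
# under the Winlogon key below.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Resolve-CachedLogonsCount {
    # Interpret a raw value with the limits from the policy's explain text:
    # 0 disables logon caching, and any value above 50 is treated as 50.
    param([string]$RawValue)

    $n = 0
    if ([string]::IsNullOrWhiteSpace($RawValue)) {
        $effective = $null; $note = 'Not set; the operating system default applies'
    } elseif (-not ([int]::TryParse($RawValue.Trim(), [ref]$n)) -or $n -lt 0) {
        $effective = $null; $note = 'Not a valid count; check the GPO'
    } elseif ($n -eq 0) {
        $effective = 0; $note = 'Logon caching disabled; domain logon needs a reachable DC'
    } else {
        $effective = [Math]::Min($n, 50)
        $note = "Logon information cached for up to $effective account(s)"
    }
    [pscustomobject]@{ Raw = $RawValue; Effective = $effective; Note = $note }
}

function Get-CachedLogonsPolicy {
    # Refresh computer policy, write the gpresult report, then read the value
    # this machine actually holds.
    param([string]$ReportPath = (Join-Path $env:TEMP 'gpresult.html'))

    gpupdate /target:computer | Out-Null
    gpresult /h $ReportPath /f | Out-Null
    $raw = (Get-ItemProperty -Path $WinlogonKey -Name CachedLogonsCount `
            -ErrorAction SilentlyContinue).CachedLogonsCount
    Resolve-CachedLogonsCount -RawValue $raw |
        Add-Member -NotePropertyName Report -NotePropertyValue $ReportPath -PassThru
}

# Constructed sample values: disabled, in range, above the cap, unset, invalid.
'0', '5', '75', '', 'abc' | ForEach-Object { Resolve-CachedLogonsCount -RawValue $_ }

# Live check on the local machine.
Get-CachedLogonsPolicy
```

The Effective value is a cap on cached accounts, so a user whose logon information is cached can still log on offline repeatedly, which matches the asker's test in the thread.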
 

Author Closing Comment

by:dongocdung
Got my answer
0
