How do I delete cached credentials when I log off

I would like Members of the the Domain Administrators group to have their cached credentials deleted when the log out of computers the users's workstations OU.  I do not want to create my profile on every server and it's not a problem having them there.
mbsmooreAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AquatoneCommented:
Hi,

You are going to get a profile created each time a user logs into Windows. The only way I was able to do this for regular accounts would be to add their group to the local "Guests" group and that would take care of the profile at logoff.
0
mbsmooreAuthor Commented:
I have my guest group disabled, When the Domain Admins log into the workstations they are loggin in ad administrators so the guest solution will not work
0
AquatoneCommented:
Are domain admins using their account as daily drivers? They should use a regular account for normal business and have a separate account for the admin stuff.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

AquatoneCommented:
Also, I was referring to the Guests group on the local machine and not the domain.
0
mbsmooreAuthor Commented:
right, wouldn't I be giving the guests group Admin rights to the computer?
0
AquatoneCommented:
No, you be adding the DOMAIN\admins group to the LOCAL\guests group, not vice-versa.
0
dou2bleCommented:
What about using a GPO for restricting cached credentials when logging in?

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

 "Interactive Logon: Number of previous logons (in case domain controlleris not available)" to 0.

This way you don't have to worry about deleting them when you log out.


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TolomirAdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Vulnerabilities

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.