Disable a users ability to login to a laptop when AD is not available

Posted on 2012-08-11
Last Modified: 2012-09-11
I am trying to figure out if I can set a timer on the cached credentials on a windows 7 laptop via gpo to disable the ability to logon to a laptop if they have not connected to AD for x amount of days.

So example:

Sales guy is on the road and gets let go.  While out of the office he is using his cached domain credentials for authentication.  I want to configure all the laptops so that if a user dosen't connect to AD in say 8 days that he will not be able to login to his laptop.  I also plan on enabling bitlocker so that if he pulls the drive he will not be able to get any data off it.

domain function level is at 2008 r2

has anyone done this?
Question by:miteldatanet
    LVL 39

    Assisted Solution

    It is not possible with GP. You can limit only logon count with cached cedentials. Here is a thread with almost same question, but clear solution was not found:
    LVL 70

    Assisted Solution

    No you can't do this. The cached credential limit (which you can set), refers to the number of different users credentials that are cached, not how long they are cached for.
    LVL 52

    Accepted Solution

    This isnt possible as when the user logs into the machine while in Domain his Profile is created and a Cache is made. Now once he is disconnected from the Network he can still log-into the machine with the same Domain credentials cause of the Cached entry.

    - Rancy

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
    Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
    This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
    This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now