Change Server 2016 policy so users can logon with domain account when domain controller can't be reached

My organization has two Wi-Fi networks.

The secondary Wi-Fi network has no connectivity to the domain controllers.

Some of the organization's users like to connect to the secondary Wi-Fi network since it has faster speeds than the primary Wi-Fi network.

Now that all of the laptops in this organization have been added to a domain we are having problems when some of the laptops that are connected to the secondary Wi-Fi network receive error messages when the users try to logon with their domain accounts saying that the domain controller can't be reached and therefore the users are unable to logon to their laptops with their domain accounts.

What kind of policy or setting can be changed so that these users will be able to logon to their laptops with their domain accounts even when the domain controller can't be reached?
IT GuyNetwork EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jason CrawfordTransport NinjaCommented:
When I was working desktop support many moons ago, my process for new users was to sign-in to Windows as their AD user account at least once so the credentials would be cached and they could authenticate even when not on the network (e.g. your second wi-fi network).  Assuming the users you're working with have signed-in at least once while on the network, they should be able to login to Windows even completely offline.  You are not seeing this?
cfixerbenpaSystem AdministratorCommented:
There is a policy setting that will disable the caching of credentials. i forget exactly where it is but if caching is disabled you will get the problem you are experiencing.
Jason CrawfordTransport NinjaCommented:
Ah I see what you mean now.  The GPO should be located here:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

cfixerbenpaSystem AdministratorCommented:
That looks like the right setting. We use it to make laptops inaccessible outside of our offices. Thanks for looking that up.
By default logon caching is enabled on domain controllers for clients unless you block it with GPO

Just check your default domain policies / any other policy if caching is disabled explicitly, disable that policy / setting and you should be fine
IT GuyNetwork EngineerAuthor Commented:

Where exactly can I find this policy you are talking about?
here it is

Number of cached logons (number of user accounts to be cached per system) allowed, it means those accounts can logon to system offline until you come online in corporate network, there is no limit how many times cached account can logon to system while offline
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2016

From novice to tech pro — start learning today.