Re: pwdump 2 & 3

From: Chris Buechler (cbuechler_at_gmail.com)
Date: 12/17/04

  • Next message: Alfred Huger: "List closure"
    Date: Thu, 16 Dec 2004 18:22:02 -0500
    To: "miguel.dilaj@pharma.novartis.com" <miguel.dilaj@pharma.novartis.com>
    
    

    On Thu, 16 Dec 2004 10:39:17 +0100, miguel.dilaj@pharma.novartis.com
    <miguel.dilaj@pharma.novartis.com> wrote:
    >
    > Take into account that the caching can be (and should be? ;-) disabled
    > with the following registry key:
    > HKLM\SOFTWARE\MICROSOFT\WINDOWS
    > NT\CURRENTVERSION\WINLOGON\CACHEDLOGONSCOUNT (change it to 1 to disable
    > the caching)

    Also, FYI, you can set this domain-wide in group policy if you have
    Active Directory. Under Computer Configuration, Windows Settings,
    Local Policies, Security Options. "Interactive logon: Number of
    previous logons to cache (in case domain controller is not available)"

    Keep in mind if you disable this completely on laptops, users won't be
    able to log into their domain account when disconnected from the
    network. You could maintain local user accounts for field use, but
    that would create a support nightmare. Depends on your environment,
    your policies, and the level of risk.

    -Chris


  • Next message: Alfred Huger: "List closure"