Re: Domain user logon when network is not available

From: chris@nospam.com
Date: 03/01/03

  • Next message: chris@nospam.com: "Re: Domain user logon when network is not available" 
    From: chris@nospam.com
Date: Fri, 28 Feb 2003 21:01:27 -0800

    On 28 Feb 2003 11:32:48 -0800, ksmith@aeoa.org (Kevin Smith) wrote:

    >I am puzzled as to how a domain user is able to logon to their local
    >machine when the network and domain controller are not available. I
    >get the error message...
    >
    >"Windows cannot locate your roaming profile and is attempting to log
    >you on with your local profile. Changes to the profile will not be
    >propagated...blah blah blah"
    >
    >How is this possible? Where is Windows able to authenticate the
    >identity of the user? It is not the local SAM file because the only
    >local user is Administrator.
    >
    >Somehow the computer knows what the users correct domain password is
    >because it requires it for logon. where is the computer pulling this
    >domain users password from and should i be concerned that it is
    >hackable like the SAM file is?
    >
    >Please help me to understand whats going on!
    >
    >Thanks, Kevin

    It' called "cached credentials". NT by default remembers the last 10
    successful logins. A handy trick to log into a machine after your
    domain account is disabled is to simply unplug the network cable.
    Great MS security if you ask me, although this is handy for users who
    travel with their laptops.

    -Chris

    Relevant Pages

    • Re: Domain user logon when network is not available
      ... >machine when the network and domain controller are not available. ... >you on with your local profile. ... >because it requires it for logon. ... A handy trick to log into a machine after your ...
      (comp.os.ms-windows.nt.admin.security)
    • RE: Strange logon problem, takes minutes to logon to Windows XP SP
      ... This is caused by the asyncronous loading of networking during the boot up ... wait for the network at computer startup and logon" to ENABLED. ... profile and is trying to logon with your local profile", ...
      (microsoft.public.windowsxp.network_web)
    • Re: Roaming Profile still tries to load off network
      ... unplugging the network cable fixes it. ... This is why you see events that the computer can't find the domain controller in the event logs even before you logon to the computer when you are off the domain. ... This is also how the computer knows to used the cached credentials and does so very quickly istead of sitting at the logon prompt for about a minute after you enter your password. ... Now since the computer already knows that I am off the domain because it already failed a check for itself and fell back to using cached credentials it should used the local copy of the profile without trying to get it from the server. ...
      (microsoft.public.windowsxp.general)
    • Re: How can I connect one laptop to two different domains?
      ... > controllers just by choosing the domain controller during the logon? ... network) and then just access resources on any other network by passing the ... profile to manage, doesn't add in anything else that could possibly cause ... he needs Outlook access to an Exchange mailbox, ...
      (microsoft.public.win2000.networking)
    • Re: Logon Server Unavailable
      ... There are currently no logon servers available to service ... You use a office laptop to connect the office VPN, when you map a network ... you may receive this message: "This account is the ... The server is not configured for transactions"> "A domain controller for your domain could not be contacted" ...
      (microsoft.public.windows.server.general)