Re: Cached login credentials and password expiration

From: Steve Riley \(MSFT\) (steriley@microsoft.com)
Date: 12/18/02


From: "Steve Riley \(MSFT\)" <steriley@microsoft.com>
Date: Tue, 17 Dec 2002 22:03:51 -0800

Expiration info isn't included in the cached credential. Users won't be
prompted to change their passwords until they've reconnected to the domain
controller.

--
--------------------------------
Steve Riley
MCS Security Consulting Practice
steriley@microsoft.com
--------------------------------
"Pat Allen" <nouser@mbari.org> wrote in message
news:06d701c2a5d0$4cd8ea60$d7f82ecf@TK2MSFTNGXA14...
> I am in an oceanographic research environment. We have a
> number of Windows NT 4.0 domains corresponding to our
> shore environment and our various research ships. Our
> ships can be away from shore for periods of months at a
> time. (There is no BDC for the shore domain on any of the
> ships due to replication issues.) During this period,
> scientists from the shore use their notebook computers
> with their cached login information from the shore domain.
>
> Up to this time, we have not used password expiration but
> we are now investigating it. My concern is that the
> password expiration information might be included in the
> cached information and that a scientist on an extended
> cruise might, all of a sudden, find him or herself with an
> expired password and no way of changing it.
>
> Can you verify for me whether or not the password
> expiration information is stored in the cached information.
>
> Thank you,
> Pat Allen
> Monterey Bay Aquarium Research Institute (MBARI)
> pat@mbari.org