Re: Cached login credentials and password expiration

From: Steve Riley \(MSFT\) (
Date: 12/18/02

From: "Steve Riley \(MSFT\)" <>
Date: Tue, 17 Dec 2002 22:03:51 -0800

Expiration info isn't included in the cached credential. Users won't be
prompted to change their passwords until they've reconnected to the domain

Steve Riley
MCS Security Consulting Practice
"Pat Allen" <> wrote in message
> I am in an oceanographic research environment. We have a
> number of Windows NT 4.0 domains corresponding to our
> shore environment and our various research ships. Our
> ships can be away from shore for periods of months at a
> time. (There is no BDC for the shore domain on any of the
> ships due to replication issues.) During this period,
> scientists from the shore use their notebook computers
> with their cached login information from the shore domain.
> Up to this time, we have not used password expiration but
> we are now investigating it. My concern is that the
> password expiration information might be included in the
> cached information and that a scientist on an extended
> cruise might, all of a sudden, find him or herself with an
> expired password and no way of changing it.
> Can you verify for me whether or not the password
> expiration information is stored in the cached information.
> Thank you,
> Pat Allen
> Monterey Bay Aquarium Research Institute (MBARI)