Re: Local Caching

From: Karl Levinson, mvp (levinson_k_at_despammed.com)
Date: 07/30/05


Date: Sat, 30 Jul 2005 09:00:46 -0400


"Keith" <Keith@discussions.microsoft.com> wrote in message
news:FE0E24EB-46AE-4421-92BC-50191250765A@microsoft.com...

> If we set our server to not store local cache of user's password what
> application or other things will break? I understand that if you turn that
> off and there is no domain controller available that you will be unable to
> logon to that server in that domain...But what other hidden gotchas are out
> there that I might not be thinking of?

I'm not aware of anything else that will break... except that very rarely
you may encounter a problem that is fairly easily fixed by unplugging the
network cable and logging in with cached credentials, and fairly difficult
to fix if this is not an option. The most recent example was an
incompatibility with Sophos antivirus and Windows 2000 post SP-4 rollup 1.
Another example is if you use a utility to change all the local
administrator passwords on all your systems remotely across the network
[such as a batch file with the CUSRMGR.EXE command] and something goes wrong
to make the password not work so that you cannot log in locally.

You may know this, but I want to make sure you know that the setting we're
discussing ONLY affects and caches passwords when users log in locally at
the console. This setting and password caching does not apply when logging
in across the network. When the domain controller is down, you won't be
able to log into a server remotely unless you use an ID and password that is
set up as a local account on that target server [or your locally cached
domain ID and password happens to exactly match a local account on that
target server].


