Re: Local Caching
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 07/30/05
- Next message: Malke: "Re: 086eb794e.html -Desktop Background"
- Previous message: Karl Levinson, mvp: "Re: MS04-011 LSASS virus"
- In reply to: Keith: "Local Caching"
- Next in thread: Karl Levinson, mvp: "Re: Local Caching"
- Reply: Karl Levinson, mvp: "Re: Local Caching"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 30 Jul 2005 13:20:38 -0700
Unless you have some requirement whereby you want to insist that
domain account logins cannot happen unless the domain controller(s)
can be contacted, then you are better off just leaving the credential
caching alone, IOW if your concern is about the strength of the cache
storage and whether it presents a vulnerability to your environment,
I would not be worried if I were you, the caching is quite strong .
-- Roger Abell Microsoft MVP (Windows Security) MCSE (W2k3,W2k,Nt4) MCDBA "Keith" <Keith@discussions.microsoft.com> wrote in message news:FE0E24EB-46AE-4421-92BC-50191250765A@microsoft.com... > Where is the user's password cached when you have a GPO setting on > Interactive logon: Number of previous logons to cache (in case domain > controller is not available)? Is it store in LSASS secrets? > > If we set our server to not store local cache of user's password what > application or other things will break? I u nderstand that if you turn that > off and there is no domain controller available that you will be unable to > logon to that server in that domain...But what other hidden gotchas are out > there that I might not be thinking of? > >
- Next message: Malke: "Re: 086eb794e.html -Desktop Background"
- Previous message: Karl Levinson, mvp: "Re: MS04-011 LSASS virus"
- In reply to: Keith: "Local Caching"
- Next in thread: Karl Levinson, mvp: "Re: Local Caching"
- Reply: Karl Levinson, mvp: "Re: Local Caching"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
