Re: profile logon problem

From: Lanwench (lanwench@heybuddy.donotsendme.unsolicitedmail.yahoo.com)
Date: 08/27/02 

From: "Lanwench" <lanwench@heybuddy.donotsendme.unsolicitedmail.yahoo.com>
Date: Mon, 26 Aug 2002 23:27:41 -0400

I'd imagine that if the user has also been using a local account, they
aren't terribly worried about any of this.

"Billy" <man@women.com> wrote in message
news:TQBa9.50089$bu81.39637@news02.bloor.is.net.cable.rogers.com...
> You should realize that if a system cannot communicate with the domain
> controller, your security restrictions might not be applied. The cached
> credentials record the state of GPOs and the user account's access token
at
> the time of the last logon. If any of this has changed, but the user's
> cached credentials are used instead of the updated credentials from the
> domain controller, then your security is not being enforced as you are
> expecting it to be. In addition to not updating GPOs, cached credentials
> also prevent access to a user's home folders, and they do not execute
logon
> scripts.
> Usually, when cached credentials are used by the system, you will see an
> error message appear between your logon and the display of the desktop. If
> you are not sure whether you are operating from DC authentication or
cached
> credentials, issue the "SET LOGONSERVER" command from a command prompt to
> review the name of the authentication system. If the result is local
system,
> then you are using your cached credentials. The use of cached logons is
also
> recorded in the System log of the Event Viewer with an event ID of 5719.
> If you choose to disable cached credentials, any client that is unable to
> communicate with a domain controller will not be allowed to enter into the
> domain.
>
>
>

Relevant Pages

  • Re: access granted after lock out
    ... Interactive logon: Number of previous logons to cache ... You cannot log on to a computer that is using cached credentials after you change your password by using a domain controller ... her account was locked out on all three. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Mandatory assignments, "Logon" switch
    ... client until user logs on the client (without cached credentials). ... requesting policy. ... > It is not a problem if users logon using cached credentials but you should ...
    (microsoft.public.sms.swdist)
  • Re: Remote User Needs to Change PWD without connecting to domain
    ... I spent forever setting up our VPN, and I'm pretty sure it's good to go now ... I'm just really curious what happens when her password expires and ... > I think you are misinterpreting the "10 logon" settings. ... > when cached credentials are used to logon locally. ...
    (microsoft.public.win2000.security)
  • Re: Cached Credentials causing problems with shares?
    ... logon to the machine locally and then connect to the shares over the VPN. ... But I'm trying to access the shares while connected to a VPN ... on using cached credentials so it can contact the domain controllers. ...
    (microsoft.public.windows.server.active_directory)
  • Re: How to change password?
    ... No he will not be able to logon with cached credentials unless he knows the ... still allow him access to the domain through the VPN not being able to logon ... use a local admin account to get into the laptop and is able to connect to ...
    (microsoft.public.windowsxp.security_admin)