RE: Cleaning remote machines of disabled user accounts

From: Tom Che [MSFT] (v-tomche_at_online.microsoft.com)
Date: 10/28/05

    Date: Fri, 28 Oct 2005 07:45:12 GMT

    Hi Dave,

    Thanks for posting here.

    Regarding disabling cached credentials, there is an existing Group Policy
    which you can use:

    Name: Interactive logon: Number of previous logons to cache (in case domain
    controller is not available)

    Location: Computer Configuration\Windows Settings\Local Policies\Security
    Options\

    Description:
    ================
    Determines the number of times a user can log on to a Windows domain using
    cached account information.

    Logon information for domain accounts can be cached locally so that, in the
    event a domain controller cannot be contacted on subsequent logons, a user
    can still log on. This setting determines the number of unique users for
    which logon information is cached locally.

    If a domain controller is unavailable and a user's logon information is
    cached, the user is prompted with the following message:
    A domain controller for your domain could not be contacted. You have been
    logged on using cached account information. Changes to your profile since
    you last logged on may not be available.

    If a domain controller is unavailable and a user's logon information is not
    cached, the user is prompted with this message:
    The system cannot log you on now because the domain <DOMAIN_NAME> is not
    available.

    Notes:
    -Setting this value to 0 disables the local caching of logon information.
    -The maximum value for this setting is 50.
    ================

    Related Registry entry:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon\

    ValueName: CachedLogonsCount
    Data Type: REG_SZ
    Values: 0~50

    For more information, please see:

    Cached Logon Information
    http://support.microsoft.com/Default.aspx?id=172931

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Regarding the roaming profile issue, I am afraid I am not sure which roaming
    profiles you would like to delete. Did you mean the roaming profiles stored
    on the server or the roaming profiles' caches on the clients?

    If you would like to automatically delete the roaming profiles' caches
    which belong to the disabled user accounts on the client, I think you need
    a script to do this. I recommend you open a new post, as this would best be
    addressed in the Developer newsgroups. I have provided the link below:

    <http://msdn.microsoft.com/newsgroups/default.asp>

    Or you may ask for developer support:
    <http://support.microsoft.com/directory/directory/phonepro.asp?sd=msdn>

    Hope this helps!

    Have a nice day!

    Sincerely,
    Tom Che
    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    >From: "Dave" <davep@nospam.postalias>
    >Subject: Cleaning remote machines of disabled user accounts
    >Date: Thu, 27 Oct 2005 09:31:08 -0700
    >Newsgroups: microsoft.public.windowsxp.security_admin
    >
    >Do any utilities or scripts exist that would delete roaming profiles and/or
    >disable cached credentials - I want to rid machines of only disabled
    >accounts, not valid active ones. I'd like to push it out via SMS.
    >Thanks
    >
    >
    >
    >
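
The registry setting described in the reply above can be audited and enforced per machine with a short script. This is an added example, not part of the original post or any Microsoft tool: the function names `Get-CachedLogonsCount` and `Set-CachedLogonsCount` are hypothetical, and it assumes PowerShell 3.0 or later, which postdates the thread. In the registry the key name is spelled `CurrentVersion`, as one word.

```powershell
# Added example: audit and enforce CachedLogonsCount (REG_SZ, 0-50) on the local machine.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-CachedLogonsCount {
    param([string]$Path = $WinlogonKey)
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    $raw = $key.GetValue('CachedLogonsCount', $null)
    if ($null -eq $raw) {
        # Value absent: nothing is configured in the registry for this setting.
        return [pscustomobject]@{ Present = $false; Kind = $null; Count = $null; Valid = $false }
    }
    $kind  = $key.GetValueKind('CachedLogonsCount')
    $count = 0
    $isInt = [int]::TryParse([string]$raw, [ref]$count)
    [pscustomobject]@{
        Present = $true
        Kind    = $kind                                   # expected: String (REG_SZ)
        Count   = if ($isInt) { $count } else { $null }   # $null when the data is not a number
        Valid   = $isInt -and $kind -eq 'String' -and $count -ge 0 -and $count -le 50
    }
}

function Set-CachedLogonsCount {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][ValidateRange(0, 50)][int]$Count,   # 0 disables caching
        [string]$Path = $WinlogonKey
    )
    $current = Get-CachedLogonsCount -Path $Path
    if ($current.Valid -and $current.Count -eq $Count) {
        return $false                                     # already compliant, nothing written
    }
    if ($PSCmdlet.ShouldProcess($Path, "Set CachedLogonsCount to $Count")) {
        # -Force overwrites an existing value, including one stored with the wrong type.
        New-ItemProperty -LiteralPath $Path -Name 'CachedLogonsCount' -Value "$Count" `
            -PropertyType String -Force | Out-Null
        return $true                                      # a change was made
    }
    return $false
}

# Read-only report of the current state. To enforce, run from an elevated session:
#   Set-CachedLogonsCount -Count 0 -WhatIf    (preview)
#   Set-CachedLogonsCount -Count 0            (apply)
Get-CachedLogonsCount
```

The setting applies to the machine as a whole, so it cannot be limited to disabled accounts only.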

