Re: Logon using cached credentials
- From: kevin <kevsout@xxxxxxxxxxx>
- Date: Fri, 17 Aug 2007 18:30:40 +0100
On 2007-03-01 20:14:12 +0000, Harry Johnston <harry@xxxxxxxxxxxxxxxxxx> said:
Dharan Prakash wrote:
What happens if the user is removed from the central Active Directory store? Will the user still be able to login in the workstation using locally cached credentials ?
Yes, though (presumably) not when the workstation is on the network.
Harry.
I'm interested in the "presumably" qualifier here.
Could someone clarify whether the following is true:
User logs on to a system using a domain account, and logs off.
Sysadmin removes account from domain (or disables the account, or changes the password).
User attempts to log on to domain account using original password).
Since the system has cached the user's credentials, it allows the logon. However, simultaneously to this, the logon attempt is sent to the domain controller.
The logon failure is received from the domain controller.
The user has the same local authorisation as he had before, but no domain authorisation.
If the sysadmin hadn't done anything, the domain logon would succeed, would replace the existing credentials, and the user would be fully logged on to the system and domain.
Cheers,
kevin
.
- Prev by Date: Re: Email from Microsoft????
- Next by Date: Re: ? re august updates
- Previous by thread: Re: ? re august updates
- Next by thread: Re: restricting user access in XP to IE etc - How?
- Index(es):
Relevant Pages
|
|
