Wednesday, April 16, 2008

Cached logons are enabled by default on any domain member system (workstation or server), so a domain user who has logged on before can still log on when no domain controller is reachable.

A cached logon does not expire on its own: it is only when the offline computer is connected back to the domain that domain synchronisation occurs and the expiry of the user object's password takes effect. I have seen some newsgroup posts supporting this statement but no "official" Microsoft documentation.

To disable cached logons, set the following registry value:

Key:   HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: CachedLogonsCount
Type:  REG_SZ
Data:  0

Note: before disabling cached logons on servers, read the article below. The failure it describes is an unlikely scenario (a site large enough to need a cluster will rarely have its nodes unable to reach a domain controller), but it is still a good insight into the other issues that disabling cached logons can cause.

The main scenario in which this might occur is one where the private cluster LAN is available but the public LAN is broken in some manner.

Cluster nodes may fail when the CachedLogonsCount value in the registry is set to zero
http://support.microsoft.com/kb/827885
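The registry change above, together with the cluster caveat from KB 827885, as an added PowerShell example (this is not code from the original post). It assumes it is run elevated on a domain-joined Windows host; the key path, value name and REG_SZ type are those given above, the 0..50 range is the documented range for this value, and detecting a cluster node by the presence of the ClusSvc service is an assumption made for the example.

```powershell
# Added example, not from the original post: read and set CachedLogonsCount.
# Assumes an elevated session on a domain-joined host.
$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$valueName = 'CachedLogonsCount'

function Get-CachedLogonsCount {
    # Returns $null when the value is absent, in which case the OS default applies.
    $item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$valueName
}

function Set-CachedLogonsCount {
    param([ValidateRange(0, 50)][int]$Count)   # documented range is 0 to 50

    # Assumption for this example: a host running the Cluster service (ClusSvc)
    # is treated as a cluster node, where CachedLogonsCount=0 can break failover
    # (KB 827885), so refuse to disable caching there.
    $isClusterNode = $null -ne (Get-Service -Name ClusSvc -ErrorAction SilentlyContinue)
    if ($Count -eq 0 -and $isClusterNode) {
        throw "Cluster service present on this host; review KB 827885 before setting CachedLogonsCount to 0."
    }

    # The value is REG_SZ, so it must be written as a string, not a DWORD.
    Set-ItemProperty -Path $keyPath -Name $valueName -Value ([string]$Count) -Type String
}

$before = Get-CachedLogonsCount
Write-Host "CachedLogonsCount before: $(if ($null -eq $before) { 'not set (OS default)' } else { $before })"

Set-CachedLogonsCount -Count 0

# Verify the write actually landed before trusting the change.
$after = Get-CachedLogonsCount
if ($after -ne 0) { throw "Write failed: CachedLogonsCount is '$after'" }
Write-Host "CachedLogonsCount after : $after (cached logons disabled; takes effect at next logon)"
```

If the same setting is managed by Group Policy ("Interactive logon: Number of previous logons to cache (in case domain controller is not available)" under Security Options), the policy value will overwrite this registry edit at the next policy refresh, so set it there for domain-managed hosts and use the script only to verify the effective value.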

The default value on domain member systems prior to Windows Server 2008 is 10 cached logons; this figure was raised to 25 for "Longhorn" (Windows Server 2008).

Cached domain logon information
http://support.microsoft.com/default.aspx?scid=KB;EN-US;q172931
The default value of the cachedlogonscount registry entry has changed from 10 to 25 in Windows Longhorn Server
http://support.microsoft.com/kb/911605
