cached credentials

Ido Friedman

Apr 24, 2006, 3:20:02 AM
I have a general question about cached credentials.

I am familiar with some GPO settings that are relevant to this subject:
- Interactive logon: Number of previous logons to cache (in case domain
controller is not available)
- Interactive logon: Require Domain Controller authentication to unlock

BUT I was not able to find a complete document or explanation of this process.

Could someone add any information and help me get a broader view of this
capability?

Thanks in advance,

Ido Friedman
Motorola Israel

Paul Williams [MVP]

Apr 24, 2006, 1:02:08 PM
What, specifically, are you after?

> Interactive logon: Number of previous logons to cache (in case domain
> controller is not available)

The value you enter here is in relation to how many different sets of cached
credentials a workstation stores.

Basically, a workstation will keep a cache of the token that was generated
the last time you successfully logged on in the registry. If a DC is
unavailable, or no network connection is present, the workstation will allow
you to log on using your cached token. This is only good for the local box,
however.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net


Ido Friedman

Apr 25, 2006, 2:38:01 AM
Thanks for your reply,

What are the limits of this? Time, count, etc.?

And just to clarify: is the "Interactive logon: Number of previous logons to
cache (in case domain controller is not available)" parameter how many
different users can be cached, or is it how many logons per user can be
cached?

As well, my interest in this is for a project and I need to have some MS
documentation about this subject. Is there any overview or description by MS
on this?

Thanks in advance,

Ido Friedman

Paul Williams [MVP]

Apr 25, 2006, 2:51:04 AM

> What are the limits of this? Time, count, etc.?

I don't know to be honest. If the computer doesn't connect to the domain
again and get a new token, I think this is indefinite. There's no count as
far as I'm aware. As soon as a network logon occurs, the cached token is
updated.


> And just to clarify: is the "Interactive logon: Number of previous logons to
> cache (in case domain controller is not available)" parameter how many
> different users can be cached, or is it how many logons per user can be
> cached?

It is how many tokens can be cached. Which means it is how many users can
be cached, not how many logons per user.


> As well, my interest in this is for a project and I need to have some MS
> documentation about this subject. Is there any overview or description by
> MS on this?

I've not come across much, but there must be plenty. Look on Microsoft's
website at the Windows 2000 Resource Kit - Distributed Systems Guide, AD
Operations Guide, and the XP resource kit.
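
To see how the two policies named in this thread are set on a given workstation, the following PowerShell function is an added example and not part of any post above. The registry value names (`CachedLogonsCount`, `ForceUnlockLogon`) and the default of 10 do not appear in the thread; they are the Windows values behind these policies, and the `-MaxCached` threshold is a hypothetical baseline.

```powershell
# Added example: reports how the two policies discussed in the thread are set locally.
# Value names and the default of 10 are Windows' documented settings, not from the thread.
function Get-CachedLogonPolicy {
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        [int]$MaxCached = 2   # hypothetical baseline threshold; set to your own standard
    )
    $props = (Get-ItemProperty -Path $Path -ErrorAction Stop).PSObject.Properties

    # "Number of previous logons to cache": stored as a string (REG_SZ).
    # When the value is absent, Windows uses its default of 10.
    $count  = 10
    $source = 'default (value not set)'
    $raw    = $props['CachedLogonsCount']
    if ($raw) {
        $parsed = 0
        if ([int]::TryParse([string]$raw.Value, [ref]$parsed)) {
            $count  = $parsed
            $source = 'registry'
        } else {
            $source = "unparseable value '$($raw.Value)', default assumed"
        }
    }

    # "Require Domain Controller authentication to unlock": DWORD, 1 = enabled.
    $force = $props['ForceUnlockLogon']
    $unlockNeedsDC = [bool]($force -and $force.Value -eq 1)

    $findings = @()
    if ($count -gt $MaxCached) {
        $findings += "Caches up to $count accounts; baseline allows $MaxCached."
    }
    if ($count -gt 0 -and -not $unlockNeedsDC) {
        $findings += 'A locked session can be unlocked from the cache without contacting a DC.'
    }
    if ($count -eq 0) {
        $findings += 'Caching disabled: domain accounts cannot log on when no DC is reachable.'
    }

    [pscustomobject]@{
        CachedLogonsCount = $count
        CountSource       = $source
        UnlockRequiresDC  = $unlockNeedsDC
        Findings          = $findings
    }
}

Get-CachedLogonPolicy | Format-List
```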