Cached credentials

luissol

Hi, I want to know how much time a credential of a user belonging to a
domain lasts in a computer without access to the domain controller?

I know there is a configuration for saving the cache credentials for
10 users, but I want to know if there is another way besides putting the
value of "number of previous logons to cache" to zero that allows me
to control the time that a cached credential is valid.

thanks a lot
Luis
 
Steve Riley [MSFT]

Correct, cached credentials never expire.

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:umVNUPRFIHA.536@TK2MSFTNGP06.phx.gbl...
> As far as I can tell cached credentials are good for a very long time and
> I don't know if there is an actual time limit. I have come across a user
> that had an old laptop from work that was using them over a year after
> being off the network connected to a domain controller.
>
> The value you see in security policy controls the number of domain users
> that can have cached credentials on a domain computer and not the number
> of times a domain user can logon with cached credentials. Of course if a
> domain user connects to their network where a domain controller lives [or
> through a VPN] and their password has been changed in Active Directory
> they will not be able to access domain network resources with the cached
> credentials that use the old password.
>
> Steve
>
>
> "luissol" <luissol@gmail.com> wrote in message
> news:1193101565.965955.179060@q5g2000prf.googlegroups.com...
>> Hi, I want to know how much time a credential of a user belonging to a
>> domain lasts in a computer without access to the domain controller?
>>
>> I know there is a configuration for saving the cache credentials for
>> 10 users, but I want to know if there is another way besides putting the
>> value of "number of previous logons to cache" to zero that allows me
>> to control the time that a cached credential is valid.
>>
>> thanks a lot
>> Luis
>>

>
>
 
Steven L Umbach

As far as I can tell cached credentials are good for a very long time and I
don't know if there is an actual time limit. I have come across a user that
had an old laptop from work that was using them over a year after being off
the network connected to a domain controller.

The value you see in security policy controls the number of domain users
that can have cached credentials on a domain computer and not the number of
times a domain user can logon with cached credentials. Of course if a domain
user connects to their network where a domain controller lives [or through a
VPN] and their password has been changed in Active Directory they will not
be able to access domain network resources with the cached credentials that
use the old password.

Steve


"luissol" <luissol@gmail.com> wrote in message
news:1193101565.965955.179060@q5g2000prf.googlegroups.com...
> Hi, I want to know how much time a credential of a user belonging to a
> domain lasts in a computer without access to the domain controller?
>
> I know there is a configuration for saving the cache credentials for
> 10 users, but I want to know if there is another way besides putting the
> value of "number of previous logons to cache" to zero that allows me
> to control the time that a cached credential is valid.
>
> thanks a lot
> Luis
>
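
The setting discussed in this reply can be audited on a machine as follows. This is an added example, not part of the original thread: it reads the registry value behind the "number of previous logons to cache" policy and reports what it means, namely a count of users and not a lifetime. The function names are hypothetical, and the fallback to 10 when the value is absent is an assumption based on the 10-user figure mentioned in the question.

```powershell
# Added example: audit the "number of previous logons to cache" policy locally.
# Registry location of the policy value (stored as a string, REG_SZ).
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Resolve-CachedLogonsCount {
    # Hypothetical helper: interpret the raw registry string without touching the registry.
    param([AllowNull()][AllowEmptyString()][string]$RawValue)

    if ([string]::IsNullOrEmpty($RawValue)) {
        # Assumption: with no value present, the default of 10 cached users applies.
        return New-Object psobject -Property @{ Count = 10; Source = 'default'; CachingEnabled = $true }
    }
    $count = 0
    if (-not [int]::TryParse($RawValue, [ref]$count) -or $count -lt 0) {
        throw "Unexpected CachedLogonsCount value: '$RawValue'"
    }
    # 0 disables cached domain logons; any other number is how many users are cached.
    New-Object psobject -Property @{ Count = $count; Source = 'registry'; CachingEnabled = ($count -gt 0) }
}

function Get-CachedLogonPolicy {
    # Hypothetical wrapper: read the live value and attach a plain-language finding.
    $item = Get-ItemProperty -Path $WinlogonKey -Name CachedLogonsCount -ErrorAction SilentlyContinue
    $raw  = if ($item) { [string]$item.CachedLogonsCount } else { $null }
    $p    = Resolve-CachedLogonsCount -RawValue $raw

    if ($p.CachingEnabled) {
        $finding = "Up to $($p.Count) domain users can log on without a domain controller; " +
                   "this is a user count, not a time limit."
    } else {
        $finding = 'Cached domain logons are disabled; a domain controller is required to log on.'
    }
    New-Object psobject -Property @{
        Computer       = $env:COMPUTERNAME
        CachedUsers    = $p.Count
        Source         = $p.Source
        CachingEnabled = $p.CachingEnabled
        Finding        = $finding
    }
}

Get-CachedLogonPolicy | Format-List Computer, CachedUsers, Source, CachingEnabled, Finding
```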
 
Steven L Umbach

Thanks for verifying that Steve.

Steve


"Steve Riley [MSFT]" <steve.riley@microsoft.com> wrote in message
news:OiGAtvdFIHA.5544@TK2MSFTNGP02.phx.gbl...
> Correct, cached credentials never expire.
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
> news:umVNUPRFIHA.536@TK2MSFTNGP06.phx.gbl...
>> As far as I can tell cached credentials are good for a very long time and
>> I don't know if there is an actual time limit. I have come across a user
>> that had an old laptop from work that was using them over a year after
>> being off the network connected to a domain controller.
>>
>> The value you see in security policy controls the number of domain users
>> that can have cached credentials on a domain computer and not the number
>> of times a domain user can logon with cached credentials. Of course if a
>> domain user connects to their network where a domain controller lives [or
>> through a VPN] and their password has been changed in Active Directory
>> they will not be able to access domain network resources with the cached
>> credentials that use the old password.
>>
>> Steve
>>
>>
>> "luissol" <luissol@gmail.com> wrote in message
>> news:1193101565.965955.179060@q5g2000prf.googlegroups.com...
>>> Hi, I want to know how much time a credential of a user belonging to a
>>> domain lasts in a computer without access to the domain controller?
>>>
>>> I know there is a configuration for saving the cache credentials for
>>> 10 users, but I want to know if there is another way besides putting the
>>> value of "number of previous logons to cache" to zero that allows me
>>> to control the time that a cached credential is valid.
>>>
>>> thanks a lot
>>> Luis
>>>

>>
>>
 