Always Wait For Network At Startup And Cached Credentials
If you enable this setting, does it allow a user to logon to the network with cached credentials that could be expired? So they can then access resources they shouldn't have access to anymore?
I realize they can logon off the network, at home for example, with cached credentials, but how do cached credentials operate when connected to the domain network?
March 16th, 2012 12:22pm
Hi,
After a successful domain logon, information is cached; this means that later a user can log on to the computer with the domain account even if the domain controller that authenticated the
user is not available. Because the user has already been authenticated, Windows uses the cached credentials to log the user on locally. For example, if a mobile user logs on to a portable computer that is a domain member with a domain account and then takes
the portable computer to a location where the domain is unavailable, Windows will attempt to use the cached credentials from the last successful logon with a domain account to locally log on the user and allocate access to
local computer resources.
For reference:
http://technet.microsoft.com/en-us/library/cc780332(v=WS.10).aspx
Best Regards,
Kim ZhouPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
March 20th, 2012 9:16pm
Yes, but what if the Domain Controller is available? Can it use cached or will it always authenticate the entered credentials against the DC?
March 21st, 2012 9:23am
If the DC is available, Windows will not use cached credentials and will authenticate the user against the domain. It is possible in certain scenarios to be connected to the domain but for one reason or another not be able to communicate with a DC and I
think Windows will then use the cached credentials (because as far as its concerned there is no DC). However when you try and access a network resource Windows will attempt to authenticate the user again. If a DC is available for this subsequent attempt at
authentication and the credentials are incorrect, access will be denied.
Regards qSilverx
Free Windows Admin Tool Kit Click here and download it now
March 21st, 2012 10:48am