This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Preventing logon outside of the domain

Question
0

Sign in to vote

Hi, one of our users has a laptop which they have been told by management cannot leave the premises.

Its a Windows 7 laptop connecting to a Windows Server 2003 domain. Is there a security option to prevent caching of logins so that everytime they attempt to login they will be forced to reauthenticate?

Thanks in advance.

Tuesday, February 22, 2011 12:10 PM

Answers

1

Sign in to vote
Hi

You can change the cahedlogonsCount in registry to 0 this will mean everytime they try to log on the domain must be available. You can follow this link:

http://support.microsoft.com/kb/172931

but before you create the changes make sure this is the best option because issues might occur when it comes to changing passwords from the laptop, or when trying to log on when the domain is unavailable because you might need to do so maybe in the event that something needs to be done on the machine urgently but you had taken outside of the domain. So think about it and if you are sure this is okay and you have an admin password for the local machine then check it out and try it out

Hope this helps you :)
tech-nique
- Marked as answer by Tiger LiMicrosoft employee Wednesday, February 23, 2011 10:14 AM
Tuesday, February 22, 2011 1:53 PM

All replies

1

Sign in to vote
Hi

You can change the cahedlogonsCount in registry to 0 this will mean everytime they try to log on the domain must be available. You can follow this link:

http://support.microsoft.com/kb/172931

but before you create the changes make sure this is the best option because issues might occur when it comes to changing passwords from the laptop, or when trying to log on when the domain is unavailable because you might need to do so maybe in the event that something needs to be done on the machine urgently but you had taken outside of the domain. So think about it and if you are sure this is okay and you have an admin password for the local machine then check it out and try it out

Hope this helps you :)
tech-nique
- Marked as answer by Tiger LiMicrosoft employee Wednesday, February 23, 2011 10:14 AM
Tuesday, February 22, 2011 1:53 PM
0

Sign in to vote

This worked perfectly, thank you so much.

Also noted the part about locking ourselves out of the machine, there is a local admin account on it and the user will not be allowed to take it away so this shouldn't be too much of a risk.

Thanks again!

Wednesday, February 23, 2011 5:18 PM