locked
Preventing logon outside of the domain RRS feed

  • Question

  • Hi, one of our users has a laptop which they have been told by management cannot leave the premises.

    Its a Windows 7 laptop connecting to a Windows Server 2003 domain. Is there a security option to prevent caching of logins so that everytime they attempt to login they will be forced to reauthenticate?

    Thanks in advance.

    Tuesday, February 22, 2011 12:10 PM

Answers

  • Hi

    You can change the cahedlogonsCount in registry to 0 this will mean everytime they try to log on the domain must be available. You can follow this link:

    http://support.microsoft.com/kb/172931

    but before you create the changes make sure this is the best option because issues might occur when it comes to changing passwords from the laptop, or when trying to log on when the domain is unavailable because you might need to do so maybe in the event that something needs to be done on the machine urgently but you had taken outside of the domain. So think about it and if you are sure this is okay and you have an admin password for the local machine then check it out and try it out

    Hope this helps you :)


    tech-nique
    Tuesday, February 22, 2011 1:53 PM

All replies

  • Hi

    You can change the cahedlogonsCount in registry to 0 this will mean everytime they try to log on the domain must be available. You can follow this link:

    http://support.microsoft.com/kb/172931

    but before you create the changes make sure this is the best option because issues might occur when it comes to changing passwords from the laptop, or when trying to log on when the domain is unavailable because you might need to do so maybe in the event that something needs to be done on the machine urgently but you had taken outside of the domain. So think about it and if you are sure this is okay and you have an admin password for the local machine then check it out and try it out

    Hope this helps you :)


    tech-nique
    Tuesday, February 22, 2011 1:53 PM
  • This worked perfectly, thank you so much.

    Also noted the part about locking ourselves out of the machine, there is a local admin account on it and the user will not be allowed to take it away so this shouldn't be too much of a risk.

     

    Thanks again!

    Wednesday, February 23, 2011 5:18 PM