none
Cached logon count via group policy RRS feed

  • Question

  • how to set Cached logon count via group policy

    unable to find this police under

    computer Configuration\Windows Settings \Security Settings\Local Policies\Security Options

    how can we customize security options? 


    Thursday, December 15, 2011 12:20 PM

Answers

  • Hi,

    Thanks for your posting.

    You can find an item called “Interactive logon: Number of previous logons to cache (in case domain controller is not available)” at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

    This item determines the number of users who can have cached credentials on the computer. In this policy setting, a value of 0 disables logon caching. Any value above 50 only caches 50 logon attempts. Default number: 10

    For more information please refer to following MS article:

    Interactive logon: Number of previous logons to cache (in case domain controller is not available)
    http://technet.microsoft.com/en-us/library/cc755473(v=WS.10).aspx


    Lawrence

    TechNet Community Support

    Monday, December 19, 2011 6:50 AM
    Moderator

All replies

  • This is controlled by a local registry setting (in HKLM) per this kb:

    http://support.microsoft.com/kb/172931

    I believe you can use Group Policy to deploy the setting you want, under Computer Configuration\Windows Settings\Security Settings\Registry.

     


    Richard Mueller - MVP Directory Services
    Thursday, December 15, 2011 4:18 PM
  • You don't find it because you probably have a Windows Server 2003 operating system. Like Richard said in your case I think the best option in your case would be running sa startup/logon script, batch file to make the registry changes.

    As for customizing security options you can try to create custom Group Policy ADM Templates:

    http://support.microsoft.com/kb/225087


    MCTS - Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, December 15, 2011 6:46 PM
  • i think we can customize windows security templates

    http://www.windowsecurity.com/articles/customizing-windows-security-templates.html

     

     

     

    Friday, December 16, 2011 5:17 AM
  • Hi,

    Thanks for your posting.

    You can find an item called “Interactive logon: Number of previous logons to cache (in case domain controller is not available)” at Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

    This item determines the number of users who can have cached credentials on the computer. In this policy setting, a value of 0 disables logon caching. Any value above 50 only caches 50 logon attempts. Default number: 10

    For more information please refer to following MS article:

    Interactive logon: Number of previous logons to cache (in case domain controller is not available)
    http://technet.microsoft.com/en-us/library/cc755473(v=WS.10).aspx


    Lawrence

    TechNet Community Support

    Monday, December 19, 2011 6:50 AM
    Moderator