If you have logged on to a Windows machine as a domain user at least once, you can log on to that machine again even if the machine no longer has a network connection.
How does this work? I assume Windows caches the password somewhere and then authenticates the user. If this is the case, does anyone know where it's cached?
Isn't this insecure? Assuming the domain admin forced a password change or removed a user, this 'loophole' will still allow the user to log on to the machine.
This is insecure and it can be used as a loophole. If you don't anticipate a need for caching, cached logon should be disabled. There are many instances where I have on purpose disconnected the Ethernet cable, logged in, and then reconnected the Ethernet cable after the desktop loaded, specifically to avoid logon-related issues. – InterLinked – 2017-07-19T17:43:55.233
Windows stores a hash of the password, or more precisely a hash of a hash of the password. Generally speaking, if you have physical access to a machine you can always bypass the logon security anyway, so it doesn't really matter. In the rare situations where it does, the administrator can disable the functionality as Mayank has already explained. – Harry Johnston – 2013-02-28T02:44:23.827
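
The comments above say cached logon can be disabled where it is not needed. The following is an added example, not part of the original thread, showing one way to audit and change that setting locally. It assumes the setting is the Winlogon registry value `CachedLogonsCount` (the value behind the "Interactive logon: Number of previous logons to cache" policy); the function names are hypothetical.

```powershell
# Added example: audit the cached domain logon setting on the local machine.
# Assumption: the setting lives in the Winlogon value CachedLogonsCount (REG_SZ).
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-CachedLogonPolicy {
    param([string]$Path = $WinlogonKey)

    $item = Get-ItemProperty -Path $Path -Name CachedLogonsCount -ErrorAction SilentlyContinue
    $raw  = if ($item) { $item.CachedLogonsCount } else { $null }

    if ($null -eq $raw) {
        # Value absent: assume the commonly documented default of 10 cached logons.
        $count  = 10
        $source = 'default (value not set)'
    }
    else {
        $count = 0
        if (-not [int]::TryParse([string]$raw, [ref]$count)) {
            throw "CachedLogonsCount is not a number: '$raw'"
        }
        $source = 'registry'
    }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        CachedLogons = $count
        Source       = $source
        OfflineLogon = if ($count -eq 0) { 'disabled' } else { 'enabled' }
    }
}

function Disable-CachedLogon {
    # Needs an elevated session. A domain Group Policy that sets the same
    # value will overwrite this local change at the next policy refresh.
    param([string]$Path = $WinlogonKey)
    Set-ItemProperty -Path $Path -Name CachedLogonsCount -Value '0' -Type String
}

# Report the current state; call Disable-CachedLogon separately to turn caching off.
Get-CachedLogonPolicy | Format-List
```

With the count at 0, a domain user can no longer log on while the machine cannot reach a domain controller, so check laptops and remote machines before rolling this out.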