How do Active Directory accounts work off network

1

When you take a laptop off the business network, how does one log in if you use Active Directory accounts to access the machine?

Are profiles cached after first logging in?

Jason

Posted 2014-04-03T15:03:20.297

Reputation: 3 636

Answers

2

Cached domain logon only works if the user has logged on once with a valid password. Windows will then store the MD5 (see comments below) hash of this password on the local disk. If the PC has no connection to an Active Directory domain controller the next time the same user logs on, Windows will authenticate the user locally using the locally stored password hash.

By default, Windows stores the password hashes of the last 10 logons. Thus, if multiple users share a PC, it is possible that the cached domain logon fails even though the user has logged on to this machine before.

TomEus

Posted 2014-04-03T15:03:20.297

Reputation: 3 355

Because a lot of people seem to misunderstand this (IMO), I'd like to add some additional info: the Interactive logon: Number of previous logons to cache setting determines the number of unique user logons to cache. So it's about logon entities, not logon instances, which is what I think a lot of people think this setting is about. A single unique cached logon (entity) can log on an unlimited number of times off network as long as that unique logon remains cached. – joeqwerty – 2014-04-03T17:12:52.323

An addition about "profiles cached": yes, when a user logs in for the first time (and connects to the domain controller) the profile is created and stored on the PC. – daraos – 2014-04-04T06:29:28.993
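Added example, not part of the original answer or comments: a small Python model of the behaviour described above, where each unique user occupies one cache slot however often they log on, and a user pushed out of the cache can no longer log on off network. The class, the account names, the hash derivation and the oldest-first eviction are assumptions of this model, not Windows' implementation.

```python
import hashlib
import hmac
from collections import OrderedDict

class CachedLogonStore:
    """Toy model of one workstation's cached domain logons (not Windows' format)."""

    def __init__(self, slots=10):  # 10 is the default cited in the answer
        self.slots = slots
        self.entries = OrderedDict()  # user -> verifier, oldest entry first

    @staticmethod
    def _verifier(user, password):
        # Stand-in derivation for this model only (assumption), salted per user.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 1000)

    def online_logon(self, user, password, dc_accepts):
        """DC reachable: the DC decides, and only a valid logon is cached."""
        if not dc_accepts:
            return False
        self.entries.pop(user, None)  # a repeat logon reuses the user's one slot
        self.entries[user] = self._verifier(user, password)
        while len(self.entries) > self.slots:
            self.entries.popitem(last=False)  # assumption: oldest entry goes first
        return True

    def offline_logon(self, user, password):
        """DC unreachable: succeed only against a cached verifier."""
        stored = self.entries.get(user)
        if stored is None:
            return False
        return hmac.compare_digest(stored, self._verifier(user, password))

def demo(slots=10):
    store = CachedLogonStore(slots)
    store.online_logon("alice", "pw-alice", dc_accepts=True)  # constructed accounts
    repeated = all(store.offline_logon("alice", "pw-alice") for _ in range(100))
    wrong_pw = store.offline_logon("alice", "guess")
    for i in range(slots):  # as many other unique users as there are slots
        store.online_logon(f"user{i}", f"pw{i}", dc_accepts=True)
    return {
        "alice_100_offline_logons": repeated,
        "alice_wrong_password": wrong_pw,
        "alice_after_others": store.offline_logon("alice", "pw-alice"),
        "newest_user": store.offline_logon(f"user{slots - 1}", f"pw{slots - 1}"),
        "cached_users": len(store.entries),
    }

if __name__ == "__main__":
    print(demo())
```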