Windows Server Forum / Windows Server 2003 / Active Directory / July 2005

Local Caching

Keith - 29 Jul 2005 20:14 GMT
Where is the user's password cached when you have a GPO setting on
Interactive logon: Number of previous logons to cache (in case domain
controller is not available)? Is it stored in LSASS secrets?

If we set our server to not store local cache of user's password what
application or other things will break? I understand that if you turn that
off and there is no domain controller available that you will be unable to
logon to that server in that domain...But what other hidden gotchas are out
there that I might not be thinking of?
Ulf B. Simon-Weidner [MVP] - 29 Jul 2005 23:05 GMT
> Where is the user's password cached when you have a GPO setting on
> Interactive logon: Number of previous logons to cache (in case domain
[quoted text clipped - 7 lines]
> out
> there that I might not be thinking of?

Hello Keith,

it's stored in the local credential cache - the Data Protection API stores
the credentials in non-reversible encryption (the same place where
EFS-Certificates are stored). This is secure against breaking it, but not
secure against brute force attacks (so it's still important that your users
are educated to use good and long enough passwords). It's stored with the
profile data, and the policy you mention keeps the whole profile of the
user. If you use roaming profiles you don't have anything to lose but being
able to log on with the cached credentials, meaning that a DC and GC must be
available when trying to log in.

Sincerely,

Ulf B. Simon-Weidner
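One way to audit the setting discussed above across member servers, as an added PowerShell example that is not from the thread or its participants. It assumes the GPO setting is backed by the CachedLogonsCount value under the Winlogon registry key and that remote hosts accept WinRM; the "servers should cache nothing" threshold is an assumption for the example.

```powershell
# Added example, not from the thread: audit the "Interactive logon: Number of
# previous logons to cache" setting. The GPO setting is backed by the
# CachedLogonsCount value under the Winlogon key; 0 disables caching, so the
# host can no longer log domain users on while no DC/GC is reachable.
function Get-CachedLogonPolicy {
    [CmdletBinding()]
    param(
        # Hosts to query; remote hosts are reached with Invoke-Command (WinRM).
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        # Largest cached-logon count the reviewer accepts. Assumption for this
        # example: member servers should not cache domain credentials at all.
        [int]$MaxAllowed = 0
    )
    $reader = {
        $key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
        $item = Get-ItemProperty -Path $key -Name CachedLogonsCount -ErrorAction SilentlyContinue
        # Stored as REG_SZ; a missing value means the Windows default (10 on
        # Windows Server 2003) is in effect.
        if ($null -eq $item) { $null } else { [int]$item.CachedLogonsCount }
    }
    foreach ($c in $ComputerName) {
        try {
            if ($c -ieq $env:COMPUTERNAME) { $count = & $reader }
            else { $count = Invoke-Command -ComputerName $c -ScriptBlock $reader -ErrorAction Stop }
        } catch {
            [pscustomobject]@{ ComputerName = $c; CachedLogonsCount = $null
                               Compliant = $false; Note = "Query failed: $($_.Exception.Message)" }
            continue
        }
        $effective = if ($null -eq $count) { 10 } else { $count }
        $note = if ($effective -eq 0) {
            'No cached credentials; interactive domain logon needs a reachable DC and GC.'
        } else {
            "Credential verifiers for the last $effective logons are kept on disk; they are " +
            'exposed to brute force if the host or its disk is compromised, so password length matters.'
        }
        [pscustomobject]@{
            ComputerName      = $c
            CachedLogonsCount = $count          # $null when left at the default
            Compliant         = ($effective -le $MaxAllowed)
            Note              = $note
        }
    }
}

# Usage: Get-CachedLogonPolicy -ComputerName 'SRV01','SRV02' | Format-Table -AutoSize
```

Hosts reported as non-compliant still hold cached verifiers for recent domain logons; hosts at 0 will refuse interactive domain logon whenever no DC and GC can be reached, which is the trade-off the thread describes.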
©2010 Advenet LLC   Privacy Policy - Terms of Use