Archived from groups: microsoft.public.windowsxp.security_admin (
More info?)
Hello,
So what this means is that (with a value of 10 for CachedLogonsCount) only
the first 10 users who have ever logged in to that machine use cached
credentials to logon to that machine. Number 11 is out of luck. And may I
conlcude that those first 10 users can log in with cached credentials
indefinitly? I believe this is the case. What happend is that some of our
mobile users claim that they have logged in to the laptop a fortnight ago,
after them perhaps a dozen people logged in (common laptop for application
intervention accross the country) and that after that they could no longer
log in which is a scenario that I think should not happen. I think that
since he was one of the first 10 log on to the laptop he should be able to
log in using cached credentials. Hence my questions if the ability to use
cached credentials can expire.
Thanks to both of you for your help, I appreciate it.
"Rebecca Chen [MSFT]" <v-rebc@online.microsoft.com> wrote in message
news:NZJVq4bCFHA.644@cpmsftngxa10.phx.gbl...
> Hello,
>
> Do you refer to the CachedLogonsCount in the registry key? You can change
> the number of previous logon attempts that a server will cache. By
> default,
> Windows NT will remember the 10 most recent logon attempts. The valid
> range
> of values for this parameter is 0 to 50. A value of 0 turns off logon
> caching and any value above 50 will only cache 50 logon attempts.
>
> In other word, if you set the key to 10, the server will allow 10 user
> account to rememeber the cache information, however, the 11th user account
> cannot use the cached mode to logon since it exceeds the max user account
> who are permitted to use cached logon.
>
> Therefore, you can increase key to 50 to allow 50 user accounts to use
> cached logon.
>
> For more details, please refer to the following article:
>
> Cached Logon Information
>
http://support.microsoft.com/?id=172931
>
> As Admiral said " they've logged on 10 times with the "cached"
> credentials", I guess you may have refer to the help and support center,
> which explains the "Interactive Logon" as follows:
>
> "Determines the number of times a user can log on to a Windows domain
> using
> cached account information".
>
> I believe this has misleaded you to believe 10 refers to the 10 times
> after
> the user attempt to logon. I am sorry to say the Help and support center
> has incorrectly addressed this explanation. This has been been updated,
> however, we have a published KB article to correct this.
>
> The following is the correct version of the first sentence of the Help
> topic that is described in the "Symptoms" section:
> Determines the number of different unique users who can log on to a
> Windows
> domain by using cached account information.
>
> For more details, please refer to the following article:
> "Interactive Logon: Number of Previous Logons to Cache" Help Topic
> Contains
> Incorrect Information
>
http://support.microsoft.com/?id=825805
>
> Any update, let us get in touch!
>
> Best regards,
>
> Rebecca Chen
>
> MCSE2000 MCDBA CCNA
>
>
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
>
> =====================================================
>
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
>
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>