Guest
Archived from groups: microsoft.public.windowsxp.security_admin

When tracking the 10 cached logons, does XP count logons by the same user
against the 10? I ask because a remote user who checked out one of our loaner
laptops reports - from the road - that she can't log on with her credentials.
She used this same laptop recently and 10 unique users definitely haven't
logged onto the machine in the interim. A different user, who had the laptop
in the interim, did log on at least ten times.
 
Guest

pdx wrote:

> When tracking the 10 cached logons, does XP count logons by the same user
> against the 10? I ask because a remote user who checked out one of our loaner
> laptops reports - from the road - that she can't log on with her credentials.
> She used this same laptop recently and 10 unique users definitely haven't
> logged onto the machine in the interim. A different user, who had the laptop
> in the interim, did log on at least ten times.
Hi,

The CachedLogonsCount is a number indicating how many users
the computer should remember cached credentials for, and not
how many times a user can log on with cached credentials in a row
(because that is unlimited and cannot be changed)...

Windows will remember the 10 most *recent* logon attempts (for
different users); this way it is the oldest logon cache entries that
will be purged when the allowed number is surpassed.


More here:

Microsoft Windows 2000 Security Hardening Guide
Chapter 5 - Security Configuration
http://www.microsoft.com/technet/security/prodtech/win2000/win2khg/05sconfg.mspx

<quote>
Disable Caching of Logon Information

Security Objective: Windows 2000 has the capability to cache logon
information. If the Domain Controller cannot be found during logon
and the user has logged on to the system in the past, it can use
those credentials to log on. This is extremely useful, for example,
on portable computers, which need to be used when the user is away
from the network. The CachedLogonsCount Registry value determines
how many user account entries Windows 2000 saves in the logon cache
on the local computer. The logon cache is a secured area of the
computer and the credentials are protected using the strongest form
of encryption available on the system. If the value of this entry
is 0, Windows 2000 does not save any user account data in the logon
cache. In that case, if the user's Domain Controller is not
available and a user tries to log on to a computer that does not
have the user's account information, Windows 2000 displays the
following message:

The system cannot log you on now because the domain <Domain-name>
is not available.

If the Administrator disables a user's domain account, the user
could still use the cache to log on by disconnecting the net cable.
To prevent this, Administrators may disable the caching of logon
information. The default setting allows caching of 10 sets of
credentials.

Recommendation: Set this to at least 2 to ensure that the system
is usable while the domain controllers are down or unavailable.
</quote>


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
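An added example, not part of this thread or of Microsoft's guide: a PowerShell check that reads the CachedLogonsCount value discussed above and reports it against the guidance quoted from the hardening guide (0 disables caching, at least 2 recommended). It assumes the standard Winlogon key path, that Windows applies its default of 10 when the value is absent, and that 50 is the maximum the setting accepts.

```powershell
# Added example (not from the thread). Audits the Winlogon CachedLogonsCount
# value against the hardening-guide guidance quoted above. Assumptions: the
# standard Winlogon key path, a default of 10 when the value is absent, and a
# valid range of 0-50. Reading this key does not require elevation.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ValueName   = 'CachedLogonsCount'

function Get-CachedLogonsCount {
    if (-not (Test-Path $WinlogonKey)) {
        throw "Winlogon key not found: $WinlogonKey"
    }
    # The value is stored as REG_SZ (a string). If it has never been set,
    # Windows uses its built-in default of 10 entries.
    $item = Get-ItemProperty -Path $WinlogonKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 10 }
    return [int]$item.$ValueName
}

function Get-CachedLogonsAssessment {
    param(
        [Parameter(Mandatory)][int]$Count,
        [int]$RecommendedMinimum = 2   # the guide's "at least 2"
    )
    if ($Count -lt 0 -or $Count -gt 50) {
        return [pscustomobject]@{ Count = $Count; Status = 'Invalid'
            Note = 'Valid range is 0-50' }
    }
    if ($Count -eq 0) {
        return [pscustomobject]@{ Count = $Count; Status = 'Disabled'
            Note = 'No credentials are cached; domain users cannot log on while no domain controller is reachable' }
    }
    if ($Count -lt $RecommendedMinimum) {
        return [pscustomobject]@{ Count = $Count; Status = 'Low'
            Note = "Below the recommended minimum of $RecommendedMinimum" }
    }
    # One cache slot per distinct user, most recent logons kept: repeated
    # logons by the same user refresh that user's entry rather than consuming
    # additional slots, so only $Count different users can push an entry out.
    [pscustomobject]@{ Count = $Count; Status = 'OK'
        Note = "Credentials cached for the $Count most recently logged-on distinct users" }
}

$count = Get-CachedLogonsCount
Get-CachedLogonsAssessment -Count $count | Format-List
```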
 
Guest

Thanks for the reply. The described behavior is what I understood to be the
case. But I have an on-the-road user reporting that her cached logon is not
allowing access to a laptop (and I have had other users in the past report an
inability to log on locally to laptops that they have logged onto fairly
recently). The user currently unable to log on to a laptop logged onto the
laptop in question 1-2 weeks ago, and ten unique users definitely haven't
logged onto the machine in the interim.
Any known causes of cached logons not allowing access?

 
Guest


Did you ever find a resolution? I have been having similar issues
with Windows 2000 SP4 remote PCs and laptops for about 2 months.
My open case with Microsoft has resulted in nothing so far.

--
Posted using the http://www.windowsforumz.com interface, at author's request
Topic URL: http://www.windowsforumz.com/Security-Admin-cached-logons-ftopict393705.html
 

Tom

Hello!

Same problem here. The value is 50, but after 12 logons the next user can't
log on.

Greetings,

Tom

"pdx" wrote:

> When tracking the 10 cached logons, does XP count logons by the same user
> against the 10? I ask because a remote user who checked out one of our loaner
> laptops reports - from the road - that she can't log on with her credentials.
> She used this same laptop recently and 10 unique users definitely haven't
> logged onto the machine in the interim. A different user, who had the laptop
> in the interim, did log on at least ten times.