Archived from groups: microsoft.public.win2000.group_policy
If a user has logged on with a domain account, the credentials (username,
password and domain name) are cached locally.
Then, when the computer is NOT network connected, the user can still log on
with their domain user account. Just leave the "Domain:" box on the logon
panel with the domain name - don't change it to the local computer name.
Key the user's normal (Domain) username and password.
Naturally, since there is no network connection, the locally cached copy of
the roaming profile will also be used.
By default, Windows will cache the logon credentials locally for up to 10
domain user accounts.
--
Bruce Sanderson MVP
It's perfectly useless to know the right answer to the wrong question.
"nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
news:73A0A99D-45C1-4059-91F8-CF519061462E@microsoft.com...
> Steven,
>
> Maybe all I'm missing is to actually create the user account in the local
> sam database. That's where the authentication is failing. The profile may
> be cached locally, but the user account doesn't exist in the sam. I'll try
> that.
>
> "Steven L Umbach" wrote:
>
>> That is by design. You can only log on to the local computer with accounts
>> that exist in the local user database as shown by lusrmgr.msc because when
>> you log on to the local computer you are authenticating with the local sam.
>> Domain users must select the domain name when they log on - not the local
>> machine --- Steve
>>
>>
>> "nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
>> news:8B22C6FB-40FF-492B-9004-0F222E2BEBE5@microsoft.com...
>> > I am able to log on with local accounts (locally only, of course); and with
>> > domain accounts through domain authentication only. I CANNOT log on to any
>> > domain accounts locally (local machine).
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> So you are not able to log on at all as that user?? If that is the case
>> >> enable auditing of logon events on the computer in question and account
>> >> logon events in Domain Controller Security Policy to see if any logon
>> >> failures are recorded and the reason for such. The error seems to indicate
>> >> unknown user account or bad password. By default all domain users can log on
>> >> to all domain computers except domain controllers. Make sure you are logging
>> >> onto the correct domain or not the local machine on the computer in
>> >> question. Also check that the user has permissions to their local profile
>> >> which by default would be full control and also be owner. --- Steve
>> >>
>> >>
>> >> "nhlpens66" <nhlpens66@discussions.microsoft.com> wrote in message
>> >> news:7C8963B1-F2CE-43E4-B3E0-8985E3D2B93B@microsoft.com...
>> >> > I set up roaming profiles and can log on to my domain for each user.
>> >> > However, when I try to compare the original local profile with the new
>> >> > roaming profile side-by-side, I get this error message:
>> >> >
>> >> > "The system could not log you on. Make sure your User name and Domain
>> >> > are correct..."
>> >> >
>> >> > I get this when attempting to log on locally to the machine with the
>> >> > original, local profile.
>> >> >
>> >> > I tried setting the "Allow log on locally" policy under Computer
>> >> > Configuration/Windows Settings/Security Settings/Local Policies/User
>> >> > Rights Assignment.
>> >> >
>> >> > I added the users group. I even added the user explicitly.
>> >> >
>> >> > Am I missing a step when applying this policy? I can email my gpresults
>> >> > if you'd like. Everything appears to be in order.
>> >> >
>> >> > --
>> >> > Jim
>> >>
>> >>
>> >>
>>
>>
>>
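
The auditing step suggested in the thread can be paired with a small triage script. The following is an added example, not code from any poster in the thread: it classifies logon-failure events and flags the case discussed here, where the "Domain:" box held the local computer name for a user with no account in the local SAM. It assumes the Windows 2000-era Security log event IDs and description layout; the host name `WKSTN01`, domain `EXAMPLE`, user `jim` and the account list are constructed sample values.

```python
import re

# Logon-failure event IDs in the Windows 2000-era Security log (assumed format).
FAILURE_REASONS = {
    529: "unknown user name or bad password",
    530: "logon time restriction violation",
    531: "account disabled",
    532: "account expired",
    533: "not allowed to log on at this computer",
    534: "requested logon type not granted",
    535: "password expired",
    539: "account locked out",
}
FIELD_RE = re.compile(
    r"^[ \t]*(User Name|Domain|Logon Type|Workstation Name):[ \t]*(.*?)[ \t]*$",
    re.MULTILINE,
)

def triage(event_id, description, local_accounts):
    """Classify one logon-failure event; return None for other event IDs."""
    reason = FAILURE_REASONS.get(event_id)
    if reason is None:
        return None
    f = dict(FIELD_RE.findall(description))
    user, domain = f.get("User Name", ""), f.get("Domain", "")
    workstation = f.get("Workstation Name", "")
    known_local = {a.lower() for a in local_accounts}
    # The thread's case: local computer name chosen as the domain, but the
    # user has no account in the local SAM, so the local logon is rejected.
    wrong_scope = (event_id == 529 and domain != ""
                   and domain.lower() == workstation.lower()
                   and user.lower() not in known_local)
    return {"user": user, "domain": domain, "reason": reason,
            "local_name_in_domain_box": wrong_scope}

def sample_event(user, domain, workstation="WKSTN01"):
    """Build a constructed event description for demonstration."""
    return ("Logon Failure:\n"
            "\tReason:\t\tUnknown user name or bad password\n"
            f"\tUser Name:\t{user}\n"
            f"\tDomain:\t\t{domain}\n"
            "\tLogon Type:\t2\n"
            f"\tWorkstation Name:\t{workstation}\n")

LOCAL_ACCOUNTS = ["Administrator", "Guest"]  # constructed lusrmgr.msc listing

if __name__ == "__main__":
    for user, domain in [("jim", "WKSTN01"), ("jim", "EXAMPLE"), ("Administrator", "WKSTN01")]:
        print(triage(529, sample_event(user, domain), LOCAL_ACCOUNTS))
```

A flagged event points to the wrong selection in the "Domain:" box rather than a mistyped password, which is the distinction the original error message does not make.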