There is not a time limit for cached credentials, but if the machine
does not change its password it will not be able to talk to the domain
when it returns. The default time for this is 90 days.
Denny
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, May 05, 2004 12:01 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Cached Domain Credential logon expiry
for Win2k/XP
Our cached logon expert is Rick, he should be along shortly with
info... :o)
I do not believe that there is an expiration. However a simple
test would be to take a test domain and set the password policy to 1 or
2 days and then join a laptop and see what happens if you don't log on
to the domain for 3 or 5 days or whatever.
joe
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, May 05, 2004 11:47 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Cached Domain Credential logon expiry for
Win2k/XP
Does anyone know how long cached credentials for domain logons
are valid on Win2K/XP machines? Is there even an expiry date? A
concern was raised by our desktop OS group that cached credentials for
domain logons may expire for laptop users who spend considerable time
away from the office, leaving them unable to access the workstation. In
My life as a road warrior, I never had this happen to me, but I was
never way from a network connection (VPN or otherwise) for more than 2
weeks.
I have been searching for a definitive answer in terms of a KB
article or some other "authoritative source" ( I guess my trust me
response was not authoritative enough), but have been unable to find
one.
David Frost
Directory Engineering,
Messaging, Directories and PKI Engineering Services
Industry Canada
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
