Ahh, but did you run gpupdate /force S
From: David Lum [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 23, 2008 1:18 PM To: NT System Admin Issues Subject: RE: Cached credentials GPO Ok here's what happened: 1) Create GPO to limit cached credential retention to 1 (default is 10) 2) Link GPO to appropriate OU 3) At target workstation I ran GPUPDATE It was 15 mins+ before the workstation stopped remembering more than 1 cached credential, I probably ran GPUPDATE every 5 mins on the workstation. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: Ken Schaefer [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 23, 2008 6:07 AM To: NT System Admin Issues Subject: RE: Cached credentials GPO What does the number of DCs have to do with it? GPO refresh is initiated by the client... Cheers Ken From: David Lum [mailto:[EMAIL PROTECTED] Sent: Tuesday, 23 September 2008 4:45 AM To: NT System Admin Issues Subject: RE: Cached credentials GPO Thanks. I keep forgetting that even single DC setups have some GPO lag unless kicked. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 11:39 AM To: NT System Admin Issues Subject: RE: Cached credentials GPO Unless you force them, GPOs refresh in 90 minutes +/- a random interval. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael Link with me at: http://www.linkedin.com/in/theessentialexchange From: David Lum [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 2:34 PM To: NT System Admin Issues Subject: RE: Cached credentials GPO OK...apparently I need to wait more than 10 minutes, even in a single FSMO environment...seems to be working now with no additional work on my part. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: David Lum [mailto:[EMAIL PROTECTED] Sent: Monday, September 22, 2008 11:17 AM To: NT System Admin Issues Subject: Cached credentials GPO If you change the GPO for cached credentials from the default of 10 to 1...if the machine has already cached 8 logins will it clear those existing credentials? My testing here indicates no... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~