RE: Cached credentials GPO

Tue, 23 Sep 2008 09:20:47 -0700 

Ahh, but did you run gpupdate /force

S

From: David Lum [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2008 1:18 PM
To: NT System Admin Issues
Subject: RE: Cached credentials GPO

Ok here's what happened:

1)      Create GPO to limit cached credential retention to 1 (default is 10)

2)      Link GPO to appropriate OU

3)      At target workstation I ran GPUPDATE

It was 15 mins+ before the workstation stopped remembering more than 1 cached 
credential, I probably ran GPUPDATE every 5 mins on the workstation.
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
From: Ken Schaefer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2008 6:07 AM
To: NT System Admin Issues
Subject: RE: Cached credentials GPO

What does the number of DCs have to do with it? GPO refresh is initiated by the 
client...

Cheers
Ken

From: David Lum [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 23 September 2008 4:45 AM
To: NT System Admin Issues
Subject: RE: Cached credentials GPO

Thanks. I keep forgetting that even single DC setups have some GPO lag unless 
kicked.
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Monday, September 22, 2008 11:39 AM
To: NT System Admin Issues
Subject: RE: Cached credentials GPO

Unless you force them, GPOs refresh in 90 minutes +/- a random interval.

Regards,

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
Link with me at: http://www.linkedin.com/in/theessentialexchange

From: David Lum [mailto:[EMAIL PROTECTED]
Sent: Monday, September 22, 2008 2:34 PM
To: NT System Admin Issues
Subject: RE: Cached credentials GPO

OK...apparently I need to wait more than 10 minutes, even in a single FSMO 
environment...seems to be working now with no additional work on my part.
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764



From: David Lum [mailto:[EMAIL PROTECTED]
Sent: Monday, September 22, 2008 11:17 AM
To: NT System Admin Issues
Subject: Cached credentials GPO

If you change the GPO for cached credentials from the default of 10 to 1...if 
the machine has already cached 8 logins will it clear those existing 
credentials? My testing here indicates no...













~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to